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(54) Systmn and mettiod for controfling the use off a package of distributed appifcatlon software 



(57) A system for permitting only an authentic user 
to piay a desired apf^catian contained fri a distributed 
application package in one d predetermined operation, 
e.g., free play mode, charged mode, flrr^-attached pia^ 
mode. etc. The system ccvrprises a dient for playing an 
application under the control of a sender connected with 
the dient through a communication networtc The epfki- 
cation packige (the volume) includes a distrixition 
descriptor whteh contains mode codes assigned to the 
volume and tf>e applications of the volume. The data of 
distftxJtion descrptor is decided and stored in the 
descriptor at the time of distnbution of the volume. This 
feature makes the system flexft)la There is also dis- 
cfc)8ed a system opemlable without communicating with 
a server. 
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Description 

BACKGROUN D OF THE INVEm-jOM 

1. ReJd of the Indention 

The invention generally relates to a security system and, more specificatty, to a method «id system tor permitting 
an authentic user to use charged inlbnmaiion wNch has been distrixited via padcage or transmission media while 
charging and controlling the use of distritxfted charged information. 

2. Descripfon of the Prior Art 

In order to use charged information such as music, movies, games, etc provided by information providers that pro- 
vide varfous programs of such charged information, a user has generaU^ 

step), the user obtains a desired program trom one of the information providers by purchasing a pacf^ge mecEa such 
as an FD (floppy cfisc), an optical disc (e.g-. CO-ROM (compact cfisc read only memory) and DVD (cSgrtal versatile disc 
or Video disc)) , rfc. on ^Nfich t\e desired pnogram is recorded (off-Sne distrixitfon or obtaining) or by doiwi toadng the 
desired program from the server computer of an information provide through a pred^ermined proceckire (on-rme dis- 
traxjtion or obiairang). In case of the on-line obtaining, the user may «ttier ptay the program wMe obtaining rt fi.e.. the 
two steps are executed ffi pamfleQ or store the program while obtaining tt h tte 

as the second step (or using step). In case of the off-lme obtaining, in the second step the user loads the obtaned 
recording mecfia into an appropriate donee and directly plays (or executes) the program or once stores the program into 
tfie memory of the device and then plays the pro-am. 

J^nese Patent unexamined pi*licafion No Hei7^295674 (1995) discloses a security system Ibr use inihe sec- 
ond or using step for a CD-ROM. In this system, the user can use encrypted informatian which is recorded together with 
apU3licKoyofatdl center (a center public key) on a CO-ROM by encrypting with the cemer pubfc key an^ 
code of desired program tociuded in the infomialfon and a user-generated key to the infornvdion provkler and by 
decrypting the informatfon with an encryption toy wfMi has been encrypted w^ 

the informatfon provider. However, the identity of the user is not verffied. permitting a mala fide user who have obtained 

other person's CO-ROM to use it Further, the certer puttk; key is pressed together wft^ 

the CD-ROM. This makes it rfiffkaitt to change the certer public key. Also. tNs causes cfiffe^ 

wan! to use drffer^ center pubfic keys to force the C^-ROM manufadiffer to use different masters (or stanpers) in 

pressBig the CD-ROMs. 

Japanese Patent unexamined piAlication Ho. Her7-288519 (19^ discfoses a securi^ system Ibr use n both the 
first and second steps. HcMraver. this system is only applfoable to a system in which chEwged infonnatton is cSstrfouted 
onlin& 

Japanese Patent unexamkied puWteatfon No. Hei8-54951 (1996) discfoses a system in wfwch the quantity of used 
software is monitored, and further software use by the user is inpeded if the 

Since a dedicated hartkMare is necessary for irrpedng of software use. this system is only suit^e for the use in a 
server ki a on-line distribution system. 

There is also a system tor permitting a user to use. only for a trial period, software which has bemdistrixited with 
data defffiing the trial period. In this system, a niala fide user may rncto the software reusable by installir^ the soft^^ 
agaki or setting the user system cfock Ibr a past time. 

There are these and other programs in the art. It is an otjject of tfie invention to provide a system for permitting only 
an authentc user (a user who have legally obtained charged information either on line or off line from an informatfon 
provider) to use the charged Information without any fimitatfon, (rfafglng for each time of its use, or ¥wtNn the tderaive 
of a use-ymiting factor (e.g., the quantity used, the days elapsed since the day of Its purchase or the curent date) 
according to the type of the charged information. 

SUMMARY OF THE IMVEI^rnQN 

Accorcfing to the principles of the Invention, it is asswned that charged irtformation or an application package is dis- 
tributed, either via package (or recording) media or via transmissfon media, together with at least control informatfon 
such as a media titie and a media code. eto. However, an IHustrative enrtxxfiment wiH be descrfoed nwriy in conjunction 
with charged informatfon recoreied on and distrfouted by means of the DVD. 

any type of charged infomriatton, charged infornwtfon has be^ enoypted with a key and recorded on a DVD 
when obtained by a user. If distributed charged information to be played is of the limitlessly playabfo type, the charged 
intomiation processing is achieved in thefoltowing way: the key isfirst obtained in a user puUfo Key-encrypted forni Irom 
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the DVD on which the key has been reoorded at the time of seliing the DVD; the user public key-enaypted key is 
decrypted with a user secrrt key slaed in a IC card into a deaypted key; and the wxjrypted charged ffTformatkm is 
decrypted with the decryfrted key and ODnsumed (that is. ptayed or e}(^^ 
be obtained on Hne from the server serving the cGert (device). 
5 If distrtoutad charged infornration to be played is of the usage-sensitive charging type, the user rs charged for each 
time of using the information. In this case, prior to processing the charged information, the dient double-encrypts and 
sends a user's credit card nufrt>er to one of the to 11 servers of the provider erf the intonnatk)n; the s^ver adds an 
amount (e.g.. play time a duratkxi) used assodated with the inforrnatkin to ^ 

field in a volume data table, and sends the updated total amount vakie to tie dient; and the cSentcfsplays the updated 

10 total amwint. Then the dient starts the charged information processing. 

If dislrixited charged Infonmatfon to be played is of the limit*«ttached type, that is. the use of the informalion Is to 
be limited t)y the tolerme of a certain limiting factor concerning the In fon retion consumption, then the dient is permit- 
ted to consume the charged infomnation ordy if tf^ use^imiling factor is witfwi the preset limrt In case of tNs type of 
charged Intomiatton. prior to processing the charged infomiatioa the dient sends the identifier (ID) code of a user spec- 

is iriedappficatx)n which is recorded on the DVD to the server; on receiving tte 

facta associated with the user specified application is within the preset limit; » not then the server info^ 

the test result, and the diem dtspM the test resuH; tf the test was suocessfd. (hen 

integrated value) of the use^imrtlng facta and sends the MSdated value to the dient and In resp^ 

of the updated value the dient <fi8play8 the updated value. Then the dient starts the charged infonralion processing. 

20 

BRIEF DESCRIPTION OF THg ORAWII^ 

Furtha Objects and advantages Of the presort inventton wiH be apparent from ^ 
ferred embodiments of the Invention as illustrated in the accompany drawings. In the drawing. 

S6 

FIG. 1 1sablockctogramshowinganarrangememofasystemfbrpernittHigausertouseadsb^ 

package on the terms of use of the packi^ with a Ngha security according to a fi^ 

^Tventkxi; 

FIQ. 2 is a diagram showing an exemplary structure of an appfication (a a charged intormatkxi) package recoixted 
3P on a DVD used in ttie inventive system; 

FIGs. 3 and 4 are daspBms showing, In adetalled form, exemplary data structures (tf the votumedesotptor 22 nl 
the dislrbution desaiptor 23. respectively; 

FIQ. 5 is a flow diart of a volune oontrd program for pt£^ the appli^ 
the pTffKtple of the inveition: 

36 FK3. 6A is a dagram showing an exenplarystructi^e Of a volume data t^esh^ 1; 

F IQ. 6B is a dagram showi ng an exemplary structure of a appS cation data table staed in a server 8; 

FIG. 7 is a dagram showvig a stojctire of a server tsdsle 75 stored m the EEPROli^ 1 03 of tie client 2; 

FIGs. dA and 8B are f tow charts of initial routines executed Neradively by the cfient 2 and the sen^ 8. respec- 

tivety, at the beginning of the processes 650. 700 and 800. 
40 FIG. 9 is a flow chart showing a procedure of a free play process shown as step 650 in FIG. 5, wherem connectlr<i 

adjacert bfocksby twoftow lines incicates that each tikxM is executed ffiterac^ively by a dient and an associated 

server; 

FIGs. 10A and 10B are flow charts jo^ showing a procedt^e fonned of exemplary &f>ecXQd play time informing 
routines ffiteracttvety executed; 
45 FIG&IIAand 118 are ffowchartsfdntly showing aprocedurefbrmed of exenpla^ 

report routines interactively executed far playir^ an appficatton while timing the duration and cfeplaying a timed play 
duration after the play; 

FIGs. 1 2A and 128 are i^oa dwts jdntly showing a procedi^^e fonned of exemplary timed appScationi^y subrou* 
thes Biteractrvely executed fa playing the applicatfon wtvie timing the duration; 
so FIGs. 1 3A and 138 are fk^ charts joirrtly showing a pnx^edure formed of ^fenriative^^ 
tines interactivdy executed in wtiich tuning (rf play tkne is achieve 

FIG. 14 is a flow chart of an exemplary applfoation play subroutine caUed in steps 612 and 622 of FIGs. 12A end 
13A. respectively, and executed by the controlfer 100; 

FIG. 1 5 is a flow chart shaving a procedure of a charged play process 700 shown as step 700 in FIG. 5. 
55 FiOs. 16A and 166 are ffow charts jointly showing a procedure fornied of exenplary expected charge infamtng 
routines interactively executed; 

FIGs. 17A and 178 are ffow charts jdntiy showing a procedure formed of routines interactively executed in bfock 
650 of FIG. 15; 
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FIQ8. 1 8A and 1 8B are flow charts joint)/ showing a procedure formed of exemplary timed piay and metered chaige 
report routinee inferactivety exacuted for plc^ an applicalion while timkig the duralfon and displaying a chaige 
and a total snount of charges after the play; 

FIG. 19 is a flowchart showing a procedure irtefBCtK^ executed by the dient 2 

block 800 of FIG. 5, wherein blocks connected two flow fines indicates that operation of the bfocte is done by 
the two elements 2 and 8; 

FIQs. 20A and 20B are a Key-encrypting key table and a user^ public key table, respectively, stored in the server; 
and 

F)Q. 20C is affow chart of a process for obtaining the ^spfication encryptkig key Ky from the server 8; 

FIQ. 21 fs a block diagmm of an exemplary dedpherer-Uiitt^ IC card IF according to the Inventfon; 

FIG. 22 is a diagram showing a Kydeooder used in place of the Kv decoder 126 of FIG. 21 inaaystemi usmgthe 

cryplosystem of FIG. 20C; 

FIQ. 23 is a diagram for 6);3f^ning the meanings of the termsHifHise 
ues; 

FIG. 24 is a bfock diagram showing an anangement of a system for f^i^ng a distrisuted appfication package on 
the terms of use of the pad^age without comnwnicating wHh any server aocoftl^ 
ment of the invention; 

FIG. 25 is a flow chart sdienrntfoally showing an exenptary control pr 
in Fia 24; 

FIGs. 26 €nd 27 are ikm charts showing an operalfon of a free play mode shown in step 650a of Fia 1^ in a 
detailed fonm and a further detaM form, respectively: and 

FIG. 28 is affow chart shearing £91 operation d a Hnvt-^ttached play mode sh^ 25. 
DETAILED DESCRIPTION OF THE PREFERREO EMBQDIMENfTS 

For the sake of b^ underslancfing of the fbllMinQ desaiptton, it wflt ^ 

Charged information provided by an infomiation prcvxter may be distitxjted ofMine C<n off-line (Sstrbutton) or on- 
line On on-line <fistrttxjrtion). fn off-Kne cSstrixjtion, the charged information is recorded on package mecfia or recording 
nwfia. and distributed through the sales network of the provider, that is. sold at stores in the serfes networtc The padt- 
age media incbde all sorts of portidble recording media such as various types of ma^ietic discs, a variety of optk^at 
memory discs (e.g-. CD. CD-ROM, DVD), and matyietfo tapes and cartridges, fen online distribution, ihe chsrged Wbr- 
matfon is transmitted via transnflssion mecfia from the servers at the service points of the provider arKi the (SstrKxitors 
afigned with the provider to the dient device (e.g., PC (personal computer)) of the user who requested the charged 
infonnation. and stored in a recording media of the c^ent (devfoe). The tnansnrsssta media Bxfode any telecomrrwi- 
catfon channels whfoh pemiit data oommunfoatfon between the servers and the cSent device. The paotage media and 
the transnteion media are hereinafter refen-ed to en bfoc as \fistrt)utm 

The charged informatfon may be any type of software such as mi«ic. movies, games, eta which are each referred 
to as an "apfrfcation" without discrimratioa The distributfon unit of charged intornwtkxi is refenred to as a "chained 
information pactage' or an "appffoatfon package*. There may be included one or more appEcalfons in an ^catfon 
package. 

The presem inventk^n relates to a system for per mitlj ng a user to use a (fistr^ 
of use of the package with a hi^er seoffity. 

Embodiment I 

For the purpose of simplicity, a frst ilustrative embodment wii be desaibed in whfoh pactege mecfia. among otho- 
things. DVDs are used as cf strisutfon media. 

FIG. 1 is a bfock diagram showing an anangement of a system for penntting a user to use the appricatk)n(s) 
recorded on a DVD on the tenns of use of the DVD wfth a higher security accordfeig to the first ilkistraiive emborf ment 
of the invention. In FIG. 1, the system 1 comprises a dient or DVD player 2 wwhteh plays a DVD 3, a teleconwmnication 
network 4. and a server 8 at a toll center of the provkler 6 wf^ provides the applicatfon package of the DVD 3. 

FIG. 2 is a (fiagram show«g an exenptery structure of an application (or a charged inibrnHtfon) package 20 
recorded on the DVD 3 used in the inventive system 1 . In FKI 2. the application package 20 cort^x'ce& at least one 
application 21 , a volume (or package) desaiptor 22 comprising data con^ 

trfoutfon descriptor 23 oonprisnig data whfoh is determned mainly at the time of« e.g., distribution or sales after tfie 
pressing of the DVD 3. (The vdume descriptor 22 and the distrlxjtion descri^ 

of the volume 20.) In this embodiment it is assumed that a ^^me (or package) control program whfoh controls the use 
of the applfoatfon pactage 20 h ooopeiHtion with the sen/er 8 is included in and distrfouted with the applfoation package 
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20. Thu8, the application pad<age 20 lurther oomprisea the pactege control program 24 suited for the terms of use of 
the package 20. The appficat}on($} 21 . the volume deeatptor 22 arxl the package (or vok^) control pro-am 24 are 
recorded ^ the data area of the DVD 3 at the time of manufacturing the DVD 3, while the distri3ution desoqptor 23 is 
recorded in the burst cutting area at ffie time of, e.g.. sales of the DVD 3. 

5 FIQs. 3 and 4 are diagrams shoMving. in a detailed lorm. exemplary data structires of the volume descriptor 22 and 
the distrftxibon descriptor 23. respectively, in FIG. 3. the volume descriptor 22 at feast contains a volume identifier 
(VIDv) 25 which the title of the application package 20 is prot^ably used for and which is the same as the application 
identifier tf the package a volume 20 contains only one e^ipicatkxi; a provider identifier 26; volume creation date and 
time 27 which may t>e used for the base point by which volunie expiration data and time as described later is deter- 

10 mined; and volume effecth^ dale and time 28 indicative of date and time untf^ 

volume 20 contains more than one applications, the volume descrfjfor 22 further contains app6cation identifiers 
(AIDa*&)29. 

In FIQ. 4, the distribution desaiptor 23 comprises the fields of: a volume issue ninber (NOy^ 30 wtikti contaffis a 
serial number giv&i to each of the distrixited application packages of ffii identical volume ktentifier (votaie ID or titie) 

16 VIDyki the order of distribution; a server pii]lic key (PKJ 31 tiie data of whKh is given t)y the server 6 at a toll center 
of the provider 6; a PK^ (user-(xtiic-key)-enaypted application-encr^ng key (Ky) 32; and sates date axi time 33. The 
key PKs 31 field contains a key which has been used in encrypting each ^ipfication 21 in the package 20 and which 
has been encrypted with a user public key (PK;J of the user who has legally obtained th^ 
are recorded in afl of theftekte 30 through 34 at the time of distribution of the pactage 20, i.e.. at the time of sales of 

20 theDVD3inthisembodimert. 

The distribution descriptor 23 further comprises the f iekl 34 of terms-of -use code (mode oode) plus Kmit value for 
the volume (the volume Iknrt value field} and, for each of the application IDs 29, the fieUs 35 of temis-of-use oode plus 
limK value for Metrication ID 29 (application Kmit value field). If terms of use are set only to the volume 20. there Is 
no need of tfie field 35. If terms of use are set to each application, the field is enpty. 

ss FIG. 23 is a diaffam for e)ipl8irang tfie meanings of the terms-of-use (TOU) codes and the corresponding Omit val- 
ues. In FIQ. 23. the tenns-of-use code may be, ag., one byte In length. The higher digit (X) of the TOU code Micates 
the target to which the terms of use is applied as shown in table 36. That is. higher digts of 0. 1 , 2,... indkate tiat the 
TOO codes beginning with moee diffts arefor theenta-e volume, ication 1. £«9piication 2 and so on. The lower di^ 
(Y) of the above mentioned terms-of-HJse code indicates the terms of use of ttie pad^ge 20 or the appication 21 to 

30 which the code is set, and is directly followed by a conesponding limit value as shown In table 37 of FKx 23. Specif icaly. 
the temiSHTfHise code (a TCXJ code)of OOH means, for exanple, that the 
The vakie 31 K means, for example, that the applicalion 3 to which the TtXJ code i^ 

of play duraticm. The k>wer digit of 2H or more means thai the volume 20 or the applk:ation to which the TOU code is 
set can be used fre^ unifl the conresponding limit value are reached. wtw:h disables further use. As seen from the 

35 table, the use-fimrting factors determined by the 10U codes whose k^wer c^gits are 2H to 5H are the current date and 
time, the es^mtion ctete and time, the amount of used perkxl. and the access count respectively. 

Since the data of the distrixftion descriptor 23 can be set as described above, tr^ 
the users with moreflexfcility than conventional system can pr<^e. 

Again in FIQ. 1 . tiie DVD (riayer 2 comprises a controller 100 for controHing the entire DVD i^er 2; data bus 102 

40 connected with the not^^hown CPU (central processing unit), not-shown ROM (read-only memory), RAM (random 
access m&nory) 101. and EEPROM (electrically erasable programme FKDM) 103 included in the controller 100; 
human interfaces (IFs) 1 1 0 including irput d^/ices such as a keyboard, a voice recognition devk:e. a mouse, a remote 
controller, etc.; an IC card kiterface (IF) 1 20 for connecting the bus 102 with the ROM (rtc^ shown) si a IC card 5; a DVD 
driver 130 for readffig out the data recorded on the DVD 3 and for demodulating and erra-correcting the read data; a 

45 v«leo and audio output IF 140 for receiving a MP£Q 2 bit stream and oulputting a video and audio o^put signals; a 
display deoce 146; a toudspeaker 1 48, ard a oorrwnunication IF 150 for communis 

rHcationn6tMxk4. The IC card 5 stores a user's password PWu and a users secret key SKu which conesponds to the 
i«ef^ public k^ PKu mentioned in conjuKtion ¥wth tfie PKu-enaypted AP-^^ 

of the distrSsution descriptor 23 recorded in the burst cutting area of the DVD 3. The video and audio output IF 140 

60 includes a MPEG 2 video decoder 142 and a MPEG 2 audio decoder 144. 

As for obtaining the DVD 3. there may be some ways. If one is to buy a DVD 3. e.g.. at some book store or through 
mail Older, he ct she has to have the PKu-encrypted version of an appfication-enci y p li i i g key (1^) reooded in the burst 
cutting area of the desired DVD 3 by notifying his or her public key PK^ which corresponds to his or her secret key SK^ 
stored in the IC card 5. If one is a member of a DVD dtetribution service, he or she cafi obtain a DVD with a PKy- 

55 encrypted AP-encrypting key recorded without notifying the PK^ each time of obtaining because he or she must have 
notified tf>e PK^ when he or she applied for the service. 

In op&atioa the user first sets a desired DVD 3 in the DVD driver 1 30 of the DVD player 2, and issuer 
mandtothe DVD player 2 through an appropriate human IF 110. In response to a receipt of the start command, the 
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controller 1 00 reads the volune control program 24 from tfie data area of the DVD 3 through the DVD cMver 1 30 whHe 

loading the read program 24 into the RAM 1 01 of the controller 100. and then exBCUtes the volume control program 24. 
FIG. 5 Is a fbw chart of the volun^e control progam 24 tor playing the ^y l calJon(s) 21 recooJed on the DVD 3 

according to the prvK^ of the invention. In Fia 5, the controHer 100 fffi^ checks the AID1 field to see if the volume 
6 20 contains a single ^ication in step 500. If not then the controller 100 displays the c^spOcation IDs in the field 29 and 

pron^ the user to select a desired one of the applications in step 502, and wails tor the selection in step 504. If any 

appScatfon is selected in step 504. the oontnoaer 100 registefs the application ID of the apptolion as the application to 

t>e pliyed in step 506 and proceeds to step 508 to check the field 35 of the ternsKjf 

the selected appttcatoi to see if the f^d is enrpty. if sol the oontfofier 100 pr^^ 
10 fieid34. 

On the other hand, ff the test resuK is YES HI step 500, then the cornier 100 rego^ ID as the appli- 

cation to be pi^ed in step 51 2, and reads the volume Kmit value 34 in step 51 0. 

tf the step 510 is completed or the test result of step 508 is NO. then the contrc^ 100 chads the tenms-of-tse 
(70U) code to see if the lower digit of the lOU code is 0 in step 5M^ 
IB freeofchafge^step650.andothenMBemal«sanolhwcheckt08eeifthelowerrf^ 

if so. the controller 1 00 plays an application in a usage-sensitive charging in step 700, and otherwise Qf the lower cggtt 
of the TOU code is 2 or nwe) pifiy an ^ication only when the software m«er 
value fi step 800. On con^eting any of the steps or processes 650 throus^ 600. the co^ 
24, Thus, the DVD player 2 plays a projpnm specified by the usff acoor^ 
20 code which has been set to either the application pack^ or the spedTieda^ 

The processes 650, 700 and 800 are execUed imeradively with an associ^ 
ous data for epcecutkig these processes, and store such data in the tomri of tables. 

FIG. 6Aisadia9Hm8hcMmganexenplarystrix:tif'eof avolumedatatablestoredina^ In FIQ.6A,Each 
of the records of the volune data table 60 conprises volume ID (VIDv) and 1^ 
25 VlDvandfK>^serve8as1heuserlDoftheu$eroftheapplicalk)np8Gl<age20ort^ 
60 has, for the fneni}er8 or subscribers of DVD distrixftion senn^ 

example, a member ID, a name, an address, etc. Each record fiirther conprises a volume minute meter field (VM- 
MCTEfVi) oonlaning a software meter of play duration in minute which is attached to (or associated with) the volume 
20: a volume charge meter (VC-METEf^J contakiing a scftwa-e charge meter wt«ch is attached to the volume 20; a 

so limit value (LVy^ containing a limit value assodated with the TOU code (e.g.. the eflecave date and ikne, the viewable 
expiration date and time, the allowable access, etc.); a Mt value meter (LV-METEIVj); an sv^ptication ID (AIDy+J field 
containkig the title of the appficaticn; an application nwiute meter {AM-METEfVjJ fiefcl oontainkig a softw^e meter of 
play duration in ininule which is attached to the application of AID,^ 
field tor a software meter of play duration in miftite wNch Is attach 

35 containing a lintit value associated with the KXI code; and a lima v^ 

FIG. 6B is a dagram showing an exemplary staicture of a ^ication data tsAile stored k\ a server 8. In Fta 68, 
the applicatton data table 70 comprises the fields of, for example, an i^icalion code (ACX)DE„), an ^jpfication title 
(AIDJ. a duration (D). a rate-per-access (RATE/ACCESS), an access count, a nwwte meter, etc. The duration is a 
period of time what it takes to play me application. The rate per access is a charge for a play of the whde creation, 

40 Which is used tor infommig the user Of an expeded play duration pitor to a 
unit time of pl^. which is used for the calculatton of a charge tor an actually timed 
minute meter fields contains the number of accesses to the appTication ^ 

necessary for the present invention but will be used in stertistical cakaiations for the amdysts of, e.g., the tastes. 
FIG. 7 is a diagram shwing a structure of a server table 75 stored m the EEPROIi^t 103 of the dient2. In FIG. 7, 
45 the fields of the table 75 comprises a server puWk: key (PKJ. a server ID (SID J. a server network address (SADDJ. 
etc, this table 75 is used for associaitf^g the sever public key (PKe) contained in the cfctnlxtfon descrfitor 23 recorded 
in the burst cutting area ol the DVD with the ID and the network address. 

Pliy an Applicatfon Free of Charge 

so 

The initial routines of the processes 650. 700 and 800 are the same. 

FIQs. 8A and 88 are ffow charts of riitial routines 80a and 80b whkii are executed interactively by the client 2 and 
the senrer 8. respectively, at the begkinfexi of the processes 650, 700 and 800. In FIG. 8. the contrdler 100 of the cSent 
or the DVD 2. in step 82. sends a sennce request with the n^work address CADDc of the c^ 
65 plus limH value, the volume ID (VIDv), the issue numbw (NO^J. the application ID {MO^.^^. anA other data to the asso- 
ciated server 8 the ID of which is SID^ (SID^ is obtained from the table 75 in FIG. 7 by using the public key recorded on 
the DVD 3). and in step 92 waits for a response from the server (SIDJ 8, H there is a response from the server (SIDJ, 
the cfient 2 proceeds to the next step through a drcle with "A* therein. 
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On the other hand, in FIG. 86. the server 8 ol SlDg receK/ee the message from the dient 2. that is. the service 
reediest and the aocompanying data and stores date ki a predetermined location for stbsec^jent use in step 84. Then, 
the server 8 searches the tsdble 60 fcx* a reconJ «vt^ cxHitains VIDv and NCVh the volume ID and issue No. lields 
thereof, respectively in step 86. If the search is unsuccessful, then the server 8 adds the record for ViDy and NO^ and 

5 fits relevant fields with AIDy.!^ and a (init value, if any. in tttetsyble 60 in step 88. and proceeds to step 90. Also, ffthe 
search in step 86 is successful the sender 9 proceeds to step 90. where the server 8 seleciB a routi^ 
according to the value of the 10U code and enteiB the selected nxJtine through a drde with "B" therein. In tfBS case, if 
the TOU code » xOH (x: an arbitrary HEX nunber. the le^er H in the last position indicates that the preceding number 
is in hexBdedmal). th^ a roUine for playirtg an application free of charge is selected. If the TOU code » xl H. then a 

10 t<^m for playing an appficatfon in usage-sensitive charging is selected. If the TOU code ^ x2H, then a routine is 
selected whkii plays an applicatfon only if the software nieter of a use-lin^ 

FIG. 9 is aflow chart showing a procedure of a free play process shown as step 650 m FIG. 5. wherein connecting 
adjacent bbcks by two ffow lines tncfcates that each bfock is executed interadivety by a diert of CAOO^ and an ass<^ 
ctated sewer SiO« as shown hdetaS later. If the TDUG0de{s0in5tep514of Fia 5. then the server (CADDc) enters 

IS the free play process 650 as shown in FKl 9. and the cfierit and the sen^(SDJ execute the ir^ 

660. In block 670. they executes an eoq^ected i^y time informing routine, that ^, displays an expected play time before 
playing an specSied applicatfon. In bfock 680. they execute an appteation pl^ and metered play time report routine. 
Since the routine 80 has been detaHed in Fia 8. the expected play time informing routine and the application play and 
metered play time report routine will t>e detailed in the fotfowing. 

20 FIGs. lOAand 10B are ffow charts johtty showing a procedure formed of exfflnplaryaq)6Cted^ 

routjnes97aand97btnteractively executed by the dient 2 and the associated server 8. respectively In FK3L lOB.the 
server 8 retrieves the dilation (□„) of the application of AiDy^^ from tie t^e 70 in a weU known marvier in step 91. In 
the next step 92. the server 8 calculales an expected total amourrt of play time acoorc^ 
SpecTtcally, if the TOU code is OxH, then the diem adds the duratfon [Dn^ 

26 record identified by VlOy and f«KVj in the table 60. If the TOU code is axH (a: fte ap pl ic a tfon number of the specified 
application in the volume), then the cfient adds the duration (D J and the value of the AM-METERv4^ field of the record 
ident^ied by VID^ NOv.|, and AID^^^ in the table 60. Then thte server 8 sends the result to tfie cHent whose network 
address is GADOc in step 93. and ends ^e process. 

On the other hand in FIG. 10A, tfie client 2 rec^ves the incoming messs^ or the vatue of the updated meter in 

30 step 94. In the next step 95. the value is displayed as the total amount of usage. Then the di^ 

In ijfidatir^ a relevant meter, a predetermined value of <fajrBtion has been used inthe justdescrfoed routines o( FIG. 
10 (a preset vafoe nietering system). TTiis anrangernent is suited rminly for 

to play, and wii not cause a prot^em unless the user discontinues the play. From this point of view, it is prefer^ to 
actuafiy measure the playing tkne in metering (a timed value metering system). However. It is also noted that the preset 

55 value m^ering syst&n is ueefd in infonming the user of expected play tarne prfor to an actud playing. 

FiGs. 1 1 Aand 11B are ftowcharts jointly showing a procedure formed of exenrplary timed pl^ and metered usage 
report routkies 675a and 675b im^BCtively executed t>y the client and the server, respectively, lor pSayt^g an appTication 
while timing the duration and (fisplaying a timed plc^duratfon after the play, fo the ro^ 
call a timed application-pl^ aixoulsne tor playing the applicatfon whie tmfog the (Oration (pHa^ time) in step 200. 

40 Then the sen/er 8 proceeds to step 21 0. where the client updates a relevartt m^er aooordng to the TOU code in 
the same manner as in step 92 of FIG. 10B. Spedfica^. tf the TOU code is QxH. then the play tstie isadded tothe vakie 
of the VM-METERy.| f ieU of the record identHled by VIDv find NO^i in the table 60. If the TOU code is axH (a: the appfi- 
cation ttavbef of the specified application in the volume), then the play time is added fo tt>e value of the AM-METERvu 
^ fiefo of the record identMled by VID^ ^K)v.|.andAIDv.|.^^nthet3bfo60.Thentheserver88enctethepl^tnneandthe 

45 value of the updated meter (i.e.. the total amount of play time) to the dient whose networit address is CADDq in step 
212, and ends the process. 

On tiie other hand, the diem 2, after step 200. make a test to see K there is a response 
step 21 4. This step is repeated until the dient 2 receives a caH from the server 8. when the client 2 receives the inoonv 
ing message or the value of the updated meter in step 216. In the next step 218. the client 2 displcys tfie play 6ne and 

60 the total amount d play tinrte. and ttien ends the routine 675. 

FIGs. l2Aand 12B are ffow charts jdntty showing a procedure fom^ of exenptary timed appfic^ 
tines 205a and 205b executed t>y the dient 2 aid the sen/er 8, respectively, for pte^ng the appfioalfon while tin^ the 
(ftjratfon. The senw 8 of SID, waits for a notice bi step 611 to see If the dient has started playvig the application. On 
the other har>d, thedtent2of CADDc informs the server of a start of play fridep 610 and immec^ately call Ctfi ^iplication 

55 play subroutine in step 612. This, causes the serverato start a timer in$tep613, and watts fo^ 

from ttw cfient 2 in step 61 5. On completing the step 61 2, the dient kiforms the server 8 of the stop d play in step 614. 
In response to this notice, the sen/er 8 stops and reads the tinier as the play time in 
the dient and the server return. 
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ThCKjgh the above descriaed afiangemem has i£ed a 
client. 

FiGs. 13A and 1 3B are flow charts jointly shoMnnQ a pox^re formed of e^emative imed appltcation-play subrou- 
tines 205ac and 20%c interactivel/ executed by the dient 2 and the server 8. respecth/ety. in which tinwig of play time 
is achieved with a timer in the dient In the i^emtive subroutine 205a. the dtent 2 starts a tinier step 620. calls an 
application play routine in step 622. stops the timer in step 624, sends the play time to the sen«r 8 in step €26, and 
then returns. On the other hand, the sender 8» on entering the subroutine 295b. warts lor a call from the cfient of CADDc 
instep621. If there is a call from the dient 2. then the server 8 receives the play tinie in s^^ 

However, the an-ang&nent of FKB. 13 has a posslM^ of pennrtttng a matafde user to nw^pulate file timer of the 
cKent 2. Rom tNs poht of view, the anangement shown in FKj. 12 is preferable to that of FIG. 13. 

FIG. 14isaflowchartof an exemplary appScationptey subroutine cafled in steps 12Aand 
13A. respectively, and executed 1^ the controller 100. 

Pria to the description of the flow chart we define some notation concern!^ 
irig X with a key £K accordine to an encrypftig algorithm e yields Y then it is 

e(EK,)0-Y 

Simaarty. if decrypting Y with a key DKaooordng to a decrypting algorithm d yields then it is eqvessed as: 

d(DK,Y)«Z 

Assuming that the aJgoritfm e and d and the keys EK and DK conrespond ea* 
that 

d(DK.e(EK. X})-X 

Returning now to FIG. 14. the controller 100 read tfie PKu-encrypted application-enorypting (AP-encrypting) key 
(Kv) a el(PI^ Kv) from the fBed 32 of the distri)utk)n descry 

v-1,2,....V 

where V is the number of kinds of the €93plicafion package. T>w indicate 

through is assigned to respective kinds of applications, thm is. volune VI01 through VIO^. 

In the next step 604. the user secret hey SKu is read from the K^canj 5. In the next step 606. the PKu-encrypted 
AP-encrypting key el (PK^, K^) is decrypted with the user secret key SK^ to obtain the ^icaton encrypting key 
Then in the next step 608, the K^-encrypted application (AP), i.e., e{K^ AP) which is recorded on the CM) 3 is decrypted 
with the obtained AP-encrypting key to obtain d(K^ e(K^ AP)) - AP . wt^e passtf>g the obteinod applicatkxi data 
to the video and audio output IF 140. The cbtakied app&cation data has the form of an MPEG 2 bit stream. The video 
and audk) output IF 140 converts the MPEG 2 bit stream of the application data into video arvl audio ou^ signals 
through MPEG 2 video and audio decoding. The vkleo and audio ou^ signals are appfied to the dispi^ device 146 
and the ksudspeaker 148. respedivety. 

Play an Application in Usage-sensitive Charing system 

FIG. 15 is a ftow chart showing a procedure of a charged play process 700 shown as step 700 in FIG. 5, wherein 
connecting adiacentbfocks by two fkMP Ihes indicates that each bfock is execUedimeractively by a cientc^CAOD^^ 
an assodated server of SIO^ m Fia 15, the dient 2 entem the process 700 via step 516 of FIG. 5 and proceeds to 
blodc 630. where tfiecfiem 2 and the ssociatedsen^ 8 execute the initiai routine In the next bk>ck 640. the dient 
2 displsq^ an expected charge and a total amount of charges received from the server 8, and let the user decide 
whether to play the desired applicatkKi. 

FIGs. 16A aid 16B are ftow diarts jokitty showing a procedure formed of exemplary expected charge informing 
routines 640a and 640b int»Bctively executed by the dient 2 and the associated saver 8. respective. The routines 
640a and 640b are very similar to the routine 97 except that in the routine 640. the DURATION (D J or Vay time" has 
been replaced with FWTE PE R ACCESS and "charge"; between stepe 92a and 93a. there fes been added a step 641 
of the server generating and storing a pseudo random number R in a memory focai^ 
the pseudo random niffnber R as weH; bebween steps 94 and 95a there has been added a st^ 
the received pseudo random number R in a memory locatfon R" for subsequeit use. The replacement of DURATION 
(On) with RATE PER ACCESS is achieved by accessing a RATE PER ACCESS fiekJ 74 instead off a DURATION f ieM 
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73 in table 70. Further, in the routine 640 there have been added the folowing steps: tn step 644 fottowing the step 96a. 
the diett 2 makes a check to see if the userdectiestoplaytheapp6cation:if not.thecient28end8a(^nr)essageto 
the server of SADDb ri step 645. and ^ids the routine 640; on the other hmid. in step 642 foilowtno the step 93a. the 
server 8 of SIDj waits fcx a call from the cliem 2 of CADDc; on reoewing a call ft^ 
check in step 646 to see if what has been received is a quit message; if 8Gi the cient 
user deckled to play the applicatkm in step 644, which nieans ihm what tfie ser^ 
but an encrypted aeditcaidnunto as seen from the descristionbekiw. then the 
the step 650 of FKjL 15, 

In the next bk)ck 650. the server 8 obtains a user's credit card nuni>er (CX>K)u) throu^ the dient 2 keepir^ the 
security of the card nmter as shown in FlGs. 1 7A and 1 7B. In step 647. the dient 2 encrypts the oretSi caid mrrb&f 
of the user wrNch has been irput by the user through a human IF 1 1 0 with a key. la , tlie pseudo random number R 
which has been stored in a memory k)cationfr in step 643 of FIG. I6AI0 obtain e2{a CCNOu). In the neo^ step 648. 
the dient 2 further encrypts R ^ e2(R, CCNOu) with another key or a server public key read from the distribution 
desaiptor 23 recorded in the burst cutting area of the DVD to obtain 
e1(PK^R + e2(R. CCNOu)). 

In the next step 649. the diem 2 sends the ^Krypted data to the server 6. Through step 646 of Fia 168. the server 
proceeds to step 650, where the server 8 finds that what was received from the dient CADDc is encrypted data. In the 
next step 651. ttie server 8 reads a server secret key SKe from an 10 card 7. in the next step, the server 8 decrypts the 
received enaypted data with the server secret key SK« as kAlcwt: 

6USK^ encr^ed data) « dUSK^. e1(PK,. R ♦ e2(R, CCNOu)) « R + e2(a CCffOu). 
In step 653. the server 8 makes a chedc to see if the just obtained psaido random nunte 
nuniser R wHch has been stored in a menx)ry kx»tion R d the server, if so. the server 8 sen^ 
the dent of CADD^ asxi in step 655 decrypts e2(R. CCNOu) with the pseudo random nunter R to obtain the user's 
aedit cad nunte CCNOu. On the other hand jn response to a reception of the en^ 
2 exits from the process After step 655. the s^ver also exits from the process. If tt^ 

server 8 sends a disable message to the dient in step 656. and ends the process. In response to a receptton of the dis- 
able message in step 657. then the dient c£srrfays a message to this eftodffi step 658. and th^ ends the proc 

After operatk)n of bkx:k 650, the dient 2 waits, in step 663. for a report from the server on wh^her ^e credit card 
for the transmitted card number (CChJOu) is vaM or not while the server 8 refers to 9ie aedit company associated with 
the card m^nber h step 661 to see if the credit card is valid, if not the server 8 infonns the dient 2 of the inv^idity of 
the credit card in step 662, and ends the process. If the card is valid ii step 661. the sermr 8 informs the dient of the 
vaficityin8tep667. If the diem 2 receives a report from the sen^ri step 663. the diem nnakes another chedc in st^ 
664 to see H the report indk^es the validHy of tfie card. If nca the cfiem dispt^ 
step 665. and dids the process. If the report indicates the validity in step 664. whk:h means the ooni^^ 
then the dient 2 and the sen^^ 8 proceed to the next block 670. 

Instep 670. the diem 2 and the sen/er 8 execute timed play and metered chari^ report routine. FIGs. 18A and laB 
are ftow charts jointly showing a procedure formed of routines 675ac and 675bc HTteractivety executed for playing an 
appiicatkNi whie tkning the duration and display a charge and a totel amoum of charges after the play. In FIG. 1 6, 
the routines 675ac and 675bc are identical to the routine 675a and 67Sb in FIQs. 11A and 11B except that Hme" has 
been replaced with 'charge*, and accorcSngly VM-METER and AM-A^TER have been replaced with VC-METER and 
AC-METER, 

The operatfon. in the diem 2. of playing an appfication on usage-sensitive charging is oonpleted by bfock675 of 
FKa. 15 or step 218a of FIG. 18A. After step 212a, the server 8 chaiiges the play to the aedit card nunber CCf^ 
ob&inedinstep655ofFIG. 17Bki8tep680. Ihis completes the whole of the chaiigedappricatk3nptByproo^ 
15. 

In this process, only information on charge is given to the user. It is very easy to provide informatfon on both time 
and charge by adding steps 9ittvou8h 93 and 95 to the routines 640b and 640a. and t^adcSng steps 210 and 218 to 
the routines 675bc and 675ac 

As descri)ed above. ^4)ected time andtor ch^ge are fis] displayed before playing a us^ specified appficatkxi. 
This is he^d for the user to dedde whether to play the application. Additionally, charging is done based on tte actually 
tkned play duratfon. This makes the chargpng reasonable. 

In the above descr^itkm. the arrangemem is such that the user has to input Ns or h^ 
each time heorshewontstoplayanappGcation. However, instead of doing this, lha credit card number CCNOu may 
be stored in non-vdatile memory or EEPROM 103 in a PWu^encrypted form. In this case. CCNOu is okTtained by 
decrypting PWy-encrypted CCNOu (e.g.. e(PWu, CCfvlOu)) with a password emered by the user. That is, d(emered 
password. e(PWu. CCNOu)) • CCNOu. 
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Permit the Play vmn a Preset Urnt 

FIQ. 19 is a flow chart shcjwing a procedure interacth^ety dient 2 aid the server 8 in the operation 

t)lock 800 of Fia 5. wherein blocks connected with two flow lines indicates that op^on of the btocks is done by the 
two eternents 2 and 8. in this case, ft is assumed that a preset limit is recorded in or on the ^aplicati^ 
transmrtted from client 2 to server each tinrw of play. On entering the process 800 via step 516 of FIG. 5, the cfient 2 
proceeds to step 801 . where the diertt 2 arvj tfie server 8 executes the irihiai 

if there is a recwd for VID^ and NCVh then the limit value (LV^i) field of the table 60 of FKjL 6A oontans the liirtt value 
transmitted from the cfieiTt 2. othenwise. the received limit value is stoted in the LV^^ 
N0v4 added in step 88. 

In st^ 810. the server 8 md«s a check if a meter assodated with the TCX> code re^ 
the IMt value. This check is made cornparing an LV field and LV-meter field associated with the TOU code in tedble 
60. if the value of the LV-rneter is equal to or greater than the LVfieM value, then the sen^ 
sage to the dient 2 in step 820. If not, the server 8 returns an underlimit message to the dient 2 in step 822, and pro- 
ceeds to step 828. If the client 2 receives the overiimit message in step 824. then the dient 2 cfeptays a message to this 
effect Knot, the dient 2 proceeds to the step 828. 

Since the e^qpoded play time informkig routines 97a and 97b and the application play subroutme 600 has been 
desaa)ed above, ttie description of steps 828 and 830 are omitted. 

AoGort£ng to tHs feature of the invention, it is possisle to limit the use of c^ i rribr mati on. This feature is espe* 
cially useful in case when a user who have paid in advam:e for the use of the ^3^^ 
the application package within a limrt value. 

T1x)ugh it has been assumed that the limit values are induded in the ^ication package, the limit vatues may be 
kept in tiie servers of the provider or disfrbuter from thie beginning. In tNs case, ti^e l&nft vakies are foced. Howe>«r. if 
limit values are permitted to be set and recorded In the application package at the time of dtstrftxition or sales, the linit 
values are advantageously set according to an amount paid. 

As is apparent from the foregoing, as a limit value, any use-limtthg (actors will do ttiat can be measured in quan% 
Su^hfiTTA values are. for exarrple. the effective date »idtin^ the alfowabfo expiration date and time, the maxvnum 
amount of pl^ time, the BNoiMafare access oounL 

It is also possUe to contine this feature witti a charged application play feature. That is. an arrangement rraty be 
such that the user is pernvtted to use an applk^ation package on usage^sensrtive charspng only the value of an LV- 
meter assodated with the TOU is under the value of the con-espondsig LV or the va^ 
tfw distrfoution descrptor 23. 

Modification I 

In tfie abo/e embodinient. applications, if more than one, in one volume v e encrypted by an identical application 
encrypting toy K^^ Howew. the sfjplteations AF»a in one volume may be encrypted with respective AP-encrypting keys 
Ka. where a tower case V folkwaig AP and K is a serial nun*er assign^ 

the AP-encrypting keys K. are encrypted with the user public key PK^^ and stored In the PKu-encrypted /^-encrypting 
key(KJfiekfe32ainthedistnxjtion descr^23. 

Modification II 

It tm been assumed tiiat the user of the DVD 3 is Brrtted to the purchaser tfiered 
AP-encrypting key (K^) recorded on ttie DVD 3. However, the system may be so arranged that predetenrtned people. 

e.g.. famay members FM^. FMg FM^ of tfie purchaser can use tfie DVD (N is the number of ttie femily meihbeiB). 

One of the ways to realize this is to encrypt the AP-^ncrypting key «^ 

« 1. 2.-..N) to obtain e1(PKj^i. K,). e1{PK^2^ fC^)..... el(PKu^, K^) and to record them in the PK;Mi-erorypted AP- 
encrypting key el (Pi^n* t<v) fields 32 of the distribution descrijia 23 at the time of purchase of the DVD. 

Modification III: Ky Retrieval Rom Server 

In the above description, the AP-encryfrt'ng key Ky has been recorded in a PKy-encrypted fonn on the DVD 3. How- 
ever, the AP-encrypting key K^nwy be managed by tiie sen/er 8 and transmitted to tiw diem or the ^ 
response to a request issued from the DVD player 2 each tkne of use of the DVD 3. In this case, there is no need of 
prowding tiie distrtoution descrpta 23 with tiw PKu-encrypted AP-encrypting key f^ 32. instead each of tiie servers 
has to store an AP-encrypting key table (or K^taWe) anda PK^ table(shown in FIGs. 20Aand20B) m the haiddlsc. As 
shown in FIG. 20A. ttie taUe a volume ID (VIDy) f iekf (as tfie enfcy of recoitO an^ 
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each recoid. fri FIG. 20B, ea(^ recwd of the PK^ table c»mprise8 a volwne ID (VIDv) field (as the entry of reoord), a 
volume issue number {NOv.|) field and a PKy field (Successive same values in the first field are shown by showf^ only 
the f Rst appearing one). Further, the process (or step) 61 0 of obtaining the AP-encrypting key Kv» that is. a groiqp of the 
steps 602. 604 and 606 in the application play routine 600. has to be replaced with a process of Fia20C. 

B FIG. 20C is a fk)w chart of a process in wt^ch the cfiemDVO player 2 obtains the ap^ 

theeerverS. fen step 616. the server 8 retrieves a key Kyfrxxn me 1^ table by using In the next step 61 8, the key 
is encrypted with an arbitmry number used only the ctjrrent process. e.g.. a pseudo random ntmiber R to dbtasx 
e2(R,Kv). fri the next step 620, the server 8 retrieves a key PKy from the Pitiable by readinQ the PKufieW of th^ 
whk^h ccxitains VID^ and NO^.! in the VID^ and NO^^ fiekis. respec6vely In the next step 622. R * e2(a K^} is encrypted 
10 with the retrieved kay Pl^ to obtain a 6oMe encrypted AP-encrypting key 
e1(PK,,.R + e2(R.K,,)). 
which is returned 10 the client wHh a dient networit address CADD^ in the next step 624. 

On tfie other hand, the controfler 100 of the dient 2 waits for a response from the server 8 of SID^ in step 626. If 
there is any response from the server 8 of SIDb in step 626, then the client DVD 3 receives the data e1(PKu. R + e2(R, 
IS Ky)} from the server 8 in step 628. in the next step 630. the received data is decrypted^ 
from the !C card 5. Specrfk»lly. the foOowing cakxilation is dona 

d1(SKu, el{PKo* R + e2(a K^))> «> R + e2(a K,) 
In the next step 632. e2(R. Ky) is decrypted with the obtained pseute 
culationisdone. 
20 d2(R.e2(aK,))«»>K, 

Thereafter, the controfier 1 00 proceeds to the step 608 of FIG. 14. 

In tNs modification, the applications APa in one volume may be encrypted with respective AP-encrypting keys K«. 
in tf^ce^ the Kyteyble has to be replaced wfthK^ table in whidi each reo^ IO(AIDJfteU 
andanAP-encryptingkey(KJ flekJ. Further in step 612. the controHer 100 of the DVOpf^ 2 has to also sen^ 
2$ appfication 10 of the appficafkm to t)e played to the server. 

Also h this modKicatkyi. the system may be. again, so arranged that predetermined people, e.g.. fan% members 

FMv FM2 of the purchaser can use the DVO(N is the number of the famSy members). In tNs case, tor each 

member FMn (n«1,2 hfl. the server 8 has to use the mender's own pubSc key PKt^ in encrypthg the AP-^^ 

ing kay Ky. (>ie way to realize this is to issue a volume issue nunt)er hOv4^ 
so of the DVD. provide ^ non-volatite memory (not shown) of the DVD pfaiyer 2 with a tdble tor assodaling the user^ 
pas9wofd PWn wHh the vdunne Issue number NO^ki* send the volume issue number (N0«^ assodaled with the 
user^ passwoicl in 8tep 612. and use not the PKu table but a PKu^ table in whk:h ea^ 
fieUs: 

VID,.NOv.Hn. PK^n. 

35 Anothw way is to issue and record not only a volume issue nisnber NOv-i but also family member nunbws FMNn for 
all members at the lime of sales of th e DVD. provide the non*volatite memory (not shown) df the DVD player 2 with a 
table tor associating the user's password PWn with the con^esponding tomily member number FMNn, send the volume 
issue number (NOy^ and ^e family Riennber number FMNh a 
another PKg.^ table in whkii each of the recoitls has the toltowing fields: 
40 VID^ NOvH- FMfsbi. PKu-n. 

In the process of FIG. 20C. the sen/er 8 may be authenticated by means of a pubtic-ki^cryptDsystem usinga pair 
of sender secret and pubfic k^ (SK». PKJJn this case, the server 8 8^ the doubto-^^ 
e1(PKu.R + e2(R.Kv)) 

with a signing key a the sen/er secret key SK. after step 622. V^ite the cfient or DVD player 2 tests the signature by 
45 the sender 8 with a test key or the sen^pubfic key PK. contained in the PKgfi^ of the distrixifion descriptor 23 

recorded in the burst cutting area of the DVD 2 before step 630. 

However, even if jud desaibed authentk:a!ton of the sen«r 8 is omitted, an attacker wiS never go to any greater 

length than a steal of IDU code plus imrt value, a volume ID VID^ a volume issue nimber NO^^. and the di^ network 

address CADD^. T>>is is not a sertous problem. 
50 In the process of FKx 20c. a pseudo random niOTtoerR has been used as a pseudo varl^ 

value each time of executton of the process However, as the pseudo variable^ any thi^ 

with it takes a different vakje each time of executton of the process. 

ModifcattonlV 

55 

In the first ^lustrative embodiment, the decryption of £^kstion is achieved by software. For this purpose, the con- 
troHer 100 has to read the user secret key SKu trom the IC card 5 through the bus 102. whch leav^ 
pemiitting a breaker to easily steal the user seaet key Sl^ through the bus 102. In otd^ 
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achieved by the step8 604 throuQh 608 may be reaiized by han^ 

an CKemplary dedpherer-buiit-in )C card IR in FIQ. 21. the deqpherer-buat-in IC card IF 120a comprto an IC card 
receptacle 121 and a primed wiring board 122 extendng from and fixed with the receptacle 121. An IC 123 is mounted 
on the pmted wiring board 122. The IC 123 comprises a memory IF 125 which usually connects the memory of the IC 
card 5 with the bus 102 and. in response to an instruction from the controller 1 00, reads and passes the key SKu to the 
next stage: a Ky decoder 126 for recel>nng the key SKy and encrypting e1(PKy, Ky)wTththekBySKutoyi^K^^;andan 
AP decoder 127 for receiving the key K,, and encrypting e(K^ AP) to yieW appfication data (AP). The printed wiring 
board 122 portfon may be preferably moMed together with the C 
asinglebody. Bydobg this, leakk)g of the user seaet key SKy can l>e premned. 

This modificaljon can be also appSed to a system 1 using the cryptosystem of Fia 20C In this case, tfie 
decoder 126 of FIG. 21 has to be replaced with a decoder 126a as shown in Fia 22. In FGl 22, the decoder 
126a decrypts the input data. e1(PKu. R 4 e2(R. K^)), from the bus 102 by ustfig the user secr^key SKu passed by the 
memory IF 1 25 to obtain R + e2(R. K^). while decrypting the obtained data e2(R. K^)) with «ie obtained rarxtom number 
R and output^ng the key 

Embodiment II 

FIG. 24 is a bkxit diagram shoMwng an arrangeiT^ of a system capable of pfe^ 
age, e.g.. a OVD on the terms of use of the DVD without comm u nicating with any server aooording to a second illustra- 
tive embodiment of the inventfon. in FIG. 24. the system 1a is identical to the dient 2 of FX3. 1 eccept that the 
oomnvnication IF 150 has been ellninated because of no need of comnvjnk^^ 

has been replaced with a controller 1 00a. In the controSer 1 00a. a not-shown ROM for storing a oodM program as 
described later €«j the EEPROM 1 03 have been also replaced with a new ROM {not shown) and an EEPROM 1 03a 
In order to play a role d the serw 8. the system la has to have table 60 of FIG. 6A in any non-v^^ 
the EEPROM 103a aid en applk:atk)n duration (play time) for each a^ 
be included in the control data of each appfication packaga 

FIG. 25 schematkally shows an exemplary control program executed by the controller 1 00a shown in Fia 24. The 
contrd progmm of Fia 25 Is also kientical to that of Fia 5 excef^ that t^ 
efimrnated because the limit-attached play nriode is not SMPported by the sys^ 
650 and 800 are replaced with steps 650a and eooa. Accor^^ 
lowing. 

If the lower cSgito* the tenTO-ofHJse(TOU) code is 0 in the dectskjn step 514.^ 100a 
plays, in me free play mode, the appTicatfon stored in the selected appi^^ 
It shoiM be noted that since the system 1 a does not have the diaiiged p^ 
defined as folfows. 



Higher digit of terms-of- 
use code (Hexadecimal) 


Con-esponding imit value 


Play mode 


0 


None 


Free play mode 


2 


Effective date and time 


Umit-atlached play mode 


3 


Alkswable expiratkm date and time 


4 


Maximum amount of used period 


5 


AlkTwabfe access count 







Accordingly, if the lower digit of the TOU code is not 0 in the dedsfon step 51 4, then m step 800a the controfler 1 00a 
plays, in the fimit-attached pl^ mode, the applkstfon stored in the selected applfoalton In step 506 or 512 and ends the 
Operation. 

FfOs. 26 and 27 show an operatfon of a free play mode shown in step 650a of FIG. 25 in a d^^ 
ther detailed form, respectively. In FIG. 26. the controller 100a executes m kvM routine eoa in step 660a. in step 670a 
executes an expected play time informing routine, and in step 6d0a executes an applkstkxi play and metered play time 
report routine. 
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As 8howm in FIG. 27Jn the ^vtiat routine 80c. the cx^^ 100a searches the taUe 60 for a record which contains 
VIDy and hiOyf^ in the voKmne ID and Issue No fields thereof, respectively m step 86. (f the search is unsuccessfU. then 
the GontroHer 100a adds the record for VIDy and NOy.} and fills relevant fields with Af Dy^^ ^ ^ vakie. if any; in the 
tattle 60 in step 88. and proceeds fo step 90. Also, If the search in step 86 is successful, the server 9 proceeds to step 
5 90, where the controller 100a selects a routine to execute next according to the value 

selected routine. In this case, if the TOtJ code » xOH (x: an arbitrary HEX nurrfoer. the tetter H in the last position incfi* 
cates that the preceding nunter is in hexadedmaf), then a rou6ne fa playing an ^splicatfonfree of charge is selected. 
If tfie TOU code ^ xlH. then a routhe IS selected whk:h plays an application 0^ 
factor is under a preset value. 

10 The expected play tkne informing routine 670a is identical to the routines 97 fFtO. 10} mms commurncation steps 
93 and 94. oorvtonsing the above descdbed steps 91 . 92 and 95. SimBaffy. it is seen from FlGfe. 1 1 and 13A that the 
above desaibed steps 620. 622. 624, 210 and 218 are executed in this order in the timed play and metered usage 
report routhe 680a. In tNs way, the system 1 a permits the user to play the appficatton stored in the selected appik^alkxi 
(steps 506 and 512 of Fia 2^ free of charge. 

IS FIQ. 28 is a flow chart shewing an operation of a limit-attached play mode shown in step 800a of FiG. 25. Since 
this operation is very stmi lar to that of FIG. 1 9. only the flow is briefly described, omrtting the details of each step. In FIG. 
28. controller 100a first makBS a check if a meter associated with the TOU aide has reached obtained 
with the 7DU code. If so. then the server returns an overfimtt massage to oontiotter 100a m step 820. OthenMse. tfie 
controHer 100a proceeds to the expected ptay time infomiing routine 828a 670a). wftere the controller 1 00a executes 

20 the above descrbed stops 91. 92 and 95. and then calls the ap^^katkxiptey^^ 

pletingthe operation. S»xe the appfication play subroutine 600 has been detailed abo^e. further 

In this way. the system ta permits the user to play the appTica^on stored in the selected ap0 

of FiG. 25) only if the IffTvt value associated %wth the TOU code assigned to the volume or the user^specHied applicatfon 

has not been reached. 

25 Aocordihg to the second embocfiment the system la can operate in either of the free play mode and the limit-^ 
attached play mode wHhout the need of Gonimunication with a serv^ portable. 

Modifications 

30 In the dx>ve description, the illustrative ent>oc&T)em has been descrbed in ooi^uk^ 

(Sscussion can be applied to such pacioge media as permit write once or rnora 

Further, the present invention is also appicable to appScalionpactaK^ In this 

case, the distrixjted appTication padcges are stored in a bulk storage ki the user's device. An application package 

comprises one or more application and application control data, that is. an application descriptor and distrfoution 
35 descr^>tor. One volume is stored as a file. Since a phjrallty of appticatk)n package may be stored in a single stomge. 

each application package does not have to contain a control program One control program, wtBch may be distrtxited 

via either package or transnvssion niedia. is enmjgh for one user dev^ 

pactages are stored is set for a user specified one in the control program when the control program is installed. The 
data to be reooided in the dstrfoutfondescriplor is included in the application package by the provider aooorcfing to the 
40 information given by the user. 

As descrbed above, one who is permitted to use an a^splication package is fimited to an owner of tf)e IC caid which 
storesauser seaet key SKyConresponding to the user pi^ic key PK^ used for ^icryptionclth^ 
in the applicatfon package. For tfvs. even if someone has urijustty obtaaned an appfication package, for example, by cop- 
ying the whole volmne from the on whfoh the volume is recorded, he or she c^ IC card of 
45 the owner of the DVD. Thus the inventive system can prevent unjust use of an application psnkage (DVD n this case) 
by any other person than the regular owner of the applfoatfon pacfage. 

Also, the ffventive system is so anar^ied that nx)6t part of the c^icatio^ nun- 
ufacturing process of the DVDs, whereas at least a part of the volume control data (i.e.. the dstributfon descriptor) can 
be determined at the tane of. e.g.. distributfon of each of the DVDs after the nutnufacturing process. This makes the sys- 
so tern f le»ble t>ecause control data can t>e easily changed without changing the stanper. 

In the initial routines 80a and 80b in FIG. 8A and 8B. the data transmitted with the service request may be 
encrypted in the same manner as in case of the transmesfon of user's aecSt card nwrtoer shown in FIG. 1 7. However, 
in case of the initial routines, ttiere are a plurality of data. These data may be encrypted in tfie fbflowing w^. 
tfthe data to be encrypted are D1. D2,... then they are first encrypted with a key R as fotows: 
55 e2(R. D1). e2(R, 02).... 

Ttien furttver encryption is made with a server puk]6c key PKg as follows: 

e1(PK8. R -1^ e2(R, D1) + e2(R. D2) ). 

In the process of FIG. 1 7. the user may be authenticated by means of a public-toy cryptosystem using a pair of 
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user seaet and public keys (SK^. PKJ. In tfue case, the dient 2 sgne the doubte-encrypted aedit cvd nttnter 

ei{PK^R + e2{R.CCN0u)) 
wHh a signing ke/ or ttie user seaet toy Sl^ after step 64a V\fti9e the 
test key or the user publ^ key P t)e1bre step 650. 

Instead of stormg a sffigle server pLt^ic key in the distribution descr^^tor 23, a pluraiity of server pUslic keys or all 
the server public keys rmy t)e recorded. By doing this, it is possUsie. 
on the server publiG key which the user have selected by appropriately oont^^ 

Also. appHcatiori padoiges wHh an ktentkal volume ID c^ 
toll center may be advantageou&ly provided for appGcation packages of tt)e s»ne titta 

In order to prevent any use of IC caid by other person than the owvner of the IC card, d Is posslieto add. t>6fore 
the Sku reacfing step 604. the steps of prompting ttie user to em^- a password t^tnough a human IF 110 and proceeding 
to step 604 only if the entered password coincides tMth the user p^ 

Thoughihe ICcanjSisusedinthectoreernbodimerit, the IC card IF 120 may be replaced wiih a magnelic card 
reader to perrnitting the use of the magnetic card. Atternath^^ 
or her password each time the user uses the DVD. 

Instead of storing the user sea^ key SK^ in the IC card 5. the key Sku may be stored in non-volatile memory in a 
PWu-encrypted forra In this case, the ksy SKj is ot^ed by decrypting PWy-encopted SK^ with a password entered 
ty the user. 

The discussion of three preceding par^raphs are €43plfed to the IC card 
the server. Howcverjn this case the user has to be taken as the adi i wiiyittlo f of the toft server. 

Many widely cfifferent embodimenls of the present tfiveniion may be constructed without deparlBig from the spirrt 
and scope of the present invention, it shoukl be understood that the present kiventkxi is not fimited to the specTic 
entMdmiem descrtoed in the sp6dficatk)n. except as defined 

A system for permitting only an authentic user to play a desired appfication contained in a distrSDuted applcatkm 
package in of>e of predetemiined operation. e.g.. free play mode, charged mode. Fintt-attached play mode. etc. The 
system comprises a dient for plc^ an applk^tkm under the control of a server 

o omniini c at tot i network. The appDcatkyi package (the volume) includes a dfeWxition descriptor whk*i contwis mode 
oodes assigned to the ^ume and the applications of the volume. The data of dstrlbutkm descrif^ is decided and 
slwed in the de6cr|3tor m the tinrie of dslribution of the volume. This 
disctosed a system operatable without conmmksrtlng with a seiver. 

Clalffls 

1. An appficatx)n package for use in a system for pla^ng an application conta^ 
ume). the applicatksn package conprising: 

application data for at least one appTtcalion; and 

volume control for use in controllng said system, wherein said vol^ 

a volunr>e 10 for idertifying the kind of said appHcatk)n package (sai^ 

an issue number assigned in onler of issue to each of the vDliines of saU 

apptk»ftk)n IDs each assigned to one of said at le^ one applkartm 

at least a part of said volume control dato is to be added to said voltffne after the creato 

said at least a part of said vobjme control data includes said issue nunte 

2. An ^icatk)n package as defined ki daim 1 . wherein: 

said applk»lk>n data has been encrypted vvith an encrypting key; €^ 
said at least a part of said volume contrd data includes a user's piidalc 
key used. 

3. An application package as def rod in daiml.vmerein said at least a part of sai^ 
oodes whk:h are assigned to said ^unra or saki at least one appficatkin and each in^ 
with one of said volume or sakJ at least one app6catk)n to whk:h the nrade code ^ 

4. A package media on which an application package as defined in daim^ 

5. A package media of a wrrte^mce type on which an ^icatk)npaGtege as defined^ has t)em recorded. 
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6. A package media on wNch an appfication package as defined in daim 1 hae been recorded wherein eaid at least 
a part of said voiume control data is recorded In an area different from data area wtwre said appicatksn data is 
recorded on the package media. 

7. A nrielhod for sending data with a raised security from 
munication network, comprising the steps of: 

in said secorvl device. 

generating a pseudo rarKlom number: 

transmitting sakl pseudo random number to said lirst device; 

in said first da/ica. 

encrypting said data VMth said transmitted pseudo random m^nber into encrypted data; 

enaypting concatenated data consisting of said psajdo random niffrber and said encrypted data with a 

public key of said second device infeo doUble-encrypted data; 

sending eaki double-encrypted data to said second devtoe; in said second dence. 

decrypting said double-encrypted data with a secret l«ay of said second dewice %vtiich corresponds to said 

putsTic key into decrypted data consisting of a decrypted random number porlkyi and another decrypted 

portkxi; and 

decrypting sakJ another decrypted portion with said transmitted rand^ 

8. A ntethod fbr sending a pkjrality of pieces of data with a raised security from a first device to a second device 
through a pubNc telecommunication network, comprising the steps of : 

in said second device. 

generating a pseudo random number; 

transmitting sakf pseudo random number to said first device; 

in sakifRSt device, 

encrypting each of said pieces of data with said transmitted pseudo random nuni>er into an encrypted 
piece of data: 

encrypting concatenated data conssting of sakj pseudo random purrber and said encrypted pieces of 

data with a publk: key of said second dence into double-encrypted data: 

sending sakJ doUsle-encrypted data tosaid second device; in saxi second devee. 

decryptkig s^ doUsle-encrypted data with a secret key of said second device 

public key rito decrypted data consisting of a decrypted random nurrber portion and sakl pfunality of 

decrypted data pofttons; and 

decrypting each of said decrypted portions witfi said transnitte^ 

data> 

9. A method as defined in dam 7 or 8. further conprtsing the steps, eocecuteda^ 
Ue-enaypted data, of: 

proceeding to a next step only if sakj decrypted random mrrb&r portoi coincides with said transmitted pseudo 
random nt£Tt)er; and 

saki second device informing said first dense of a fa^ure n decryptfon if sak^ decrypted random number por- 
tion does not coincide with sakJ transmitted pseudo random mmfoer. 

10. to a system provided with means for ptayvig an applicatton contained i^ 

nitting a user to play an encrypting key-encrypted applk:atk>n contained in a distributed cqsplication package which 
further contains, as volume corttrd data, a user's pubtic l(ey-encrypted encrypting key so encrypted as to be able 
to be decrypted with a secret key of the user hto saki encrypting 

reading said user's public kay-encrypted encrypting key from sea6 distributed cfsplfoation package (saki vol- 
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ume); 

obtakitng said secr^ key; 

decryptir^ said user's piAlic key-encrypted encrypting key with said secret key to obtaki said encrypting key; 
and 

decrypting said encrypting key-encrypted apprficatkxi with said obtained encrypting key into c^k^ation data 
while passing sad application data to said means for playing an cqaplicaton. 

11. Inasystenicompristnga diernprovdedwithmeanstbrpt^^ 

and a server connected with the dtent through a cmnuncation network, a method ior pennitting a user to pt^ 
one 0* encrypting key-encrypted applk»tk>ns contained in a distr^^ 

as volume control data, a volune ID for identifying the kind of said cSstrixited applkstion pad^e (sakf volume}* 
an issue number issued to each volume of the kind in an issued order and applkstkxi IDs. the method conpriSH^ 
the steps of: 

sad cfiem reading said volunne ID, said issue nunt>6r and an application ID lor said one of encrypting key- 
^Krypted applk»tk>n8 (sad encrypting key-encrypted applk»tion) from sad volume and sencftfig to sad 

sen^: 

msadserver« 

retrieving sad enayptv)g key by using sad vokjme ID: 

retrieving a ptMc key of sad user by using sad volume ID and sad issue r%^^ 

generating a pseudo random mmter; 

double-encrypting sad encrypting key with sad pseudo random wirber and sad public key into a 
doubte enaypted data; 

s^ing sad double-encrypted data to sad dtent: k\ sad dient 
otJtainkig a secret key of sad user which corresponds to sad publk: key; 
obta^ing sad encrypting key by decrypting sad doUble-encryi^ed data vvn^ 
decrypting sad encrypting key-encrypted applicatdn with sad obtained encrypting key mto applica- 
tion data whie passing sad anilkatkxi data to sad means t)r pla^ 

12. ArTwthodasdefinedindaimlOorll.whereffisadmeanslbrobtai^ 
sad secret key from a portable memory of sad user. 

13. A method as defined in daim 12, wherm sad portable memory!^ 

14. In a system corrprising a client provded with means for playing an application package and a sender connected 
with the diert through a corronunkatkw network for controfling th^ 

taining. as volune control data, a vdi^ 10 and an issue nrniber issued to each of the volumes of sad volume ID 
k\ an issued oivfer. a method for contrDlling the amount of play time comprising the steps of: 

sad dient sending sad vdume ID and sad issue nunter to sad server; 
sad sender retrievkHJ an expected play time associated vvith sad vol^ 

sad server adding sad expeded play tsne to the vakie of a total pl^tirneassodated 10 and 

sad issue nunt>er. 

15. In a system conprising a diem provded with rneans for playing an appfic^ 

and a server connected wHh the dient through a commurycatdn network for coning the dient the applk^tdn 
package (the volume} containing, as volume control data, a volume ID. an issue number issued to each of the vol- 
umes of sad volume ID in an issued order and an applk^tion ID for the application, a metfiod for controlling the 
amoum of play time oonprising the steps of: 

sad dient sendng sad vdi^ne 10. sad issue m^nber and sad appficatdn ID to sad senrer; 

sad sen^ retrie^ng an eipected pl^y time associated with sad volune ID. sad issue number and sad appli- 

catk)nlD;and 

sad server adcfing sad expeded play time to the value of a total play tinrieassoct^ ID and 

sad issue number. 
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16. In a system comprising a dient provided with means for playing an application contained in an application package 
and a server corv>ected with the cHent thrc^ a conminicabon network for oontrofling the dtent the application 
pack^e (the volume) containing, as volume oontrot data, a volume ID and an issue number issued to each of the 
volumes of said volume ID in an issued order, a method for contrdGng the amourt 

of: 

said cfient and said server interactively measuring, as a measured play time, a play time of said appScation: 
and 

said server adding said measured play tBne to the vctfue of a tcM piGy time associated with said volume ID caid 
said issue number. 

17. A method as defined in claim 16, wherein said step of measuring a playtime comprises the step of using atimer of 
said server. 

1 8. A metfKxi as defined in claim 1 6, wherein said step of measuring a pl^ time conprises the step of uskig a timer of 
said dient 

19. In a system comprising a cient fx playing an appKcationpadoge and a server conn 

a commitf^cation network wherein the application package (ttie volume) comprises appGcation data and control 
data and at least a part of ttie control data has been added to the vokime after the creation of said vohmie, a 
n^ethod for sending dedred dala from one side cf said dient and said server to the oC^ 
hng the steps of: 

includng a secret key of said other side in said at lest a part of said control d 

in said other dde. 

generating a pseudo random number: 

transmitting said pseudo random nurrtier to said one side; 

in said one side. 

encrypting said desired data vnth said transmitted pseudo rmtom nimib^ 
encrypting concatenated data consisting of said pseudo random nunn^ 
said piMc key of said other side into doubie^erK7)n?ted data: 
sending said doubie-encrypted data to said other side; 

in said side, 

decrypting said double-encrypted data with a secret key of said other side which corresponds to said 
ptistic key into decrypted data consisting of a decrypted rarKkxn number portion and another 
decrypted portion; and 

decrypting saki anotiier decrypted portion witii said transmitted random mx^^ 
data. 

20. A method as denned in daim 19. wherein saki generating a pseudo random number indudes storing said pseudo 
rarxtom number in memory, and wherein the metiiod further comprises the step, executed prior to said deaypting 
said anott>er decrypted portion, of: 

in response to a determination that sakj decrypted random number portion does not coff^^ 

random r^imber stored in said nf>eans for storing saki pseudo random number stored in saxj memory, informing 

sakl one side of a failure k\ decryption instead of passing the oontiol to next means. 

21. In a system cornpr^lng a diem provided with means for playing an applkationc^ 

and a server connected with the drertt through a commurucation networK a method for permitting a user to play an 
appNcation contained in a distrdxited appTication package whk:h further contains, as volume control data, a volume 
ID for identifying ttie Mnd of sakj distributed applicatk)n package (said vdume], an issue number issued to each 
ume of the kind in an issued order, and an appScation ID for said applcation, the method comprising the steps of: 
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proceedng to a next step only it the value of a meterfieldasGociaiBdwHh said volume tD. eaid Issue nmrber 
and said iQ3pl'icatian ID is under the value of a Rmit value field associated witfi said volume ID, said issue 
number and said appQcation &3 in a volume data table; and 
displaying a message nfic)rming an overiimit on a d 

22. tn a system Gonrprising a dierit provided with means icr playing an ap 
and a server connected with the diem through a oorrminicationneh^^ 

appficafion contained in a distribUed appfication package which further contains, as votune corttrd data, a volume 
ID for identifying the Idnd of said distributed application package (said volume), an issue number issued to each vol- 
ume of ihe kind in an issued order, an application ID for said application and a limit value for fimiting the play of said 
application, the method conprising the steps of: 

proceeding to a neid step only H the value of a nfteter field aesodatad with 
and said ^ication ID in a volune data table is under s^ \mt vakie; and 
cfisplaying a message informing an overtimit on a devk^e of sak^ 

23. A metttod as defined in daim 21, wherein said Iknit value is one of eftact^ 
and tirne, a rna)dmOT amount of play time, and an allowidble access 00 

24. Amethodasd^nedffianyofdainfs 11« 15 and 16, wherein said step of saM client sendirKi to said server com- 
prises the steps of: 

said cfiem encrypting at feast one of said votome ID. saki issue nunte ID into encrypted 

data: and 

sakl senw decrypting s^ encrypted data. 

25. A system for sencfing data with a raised security from a fvst device to a second d 
nicatoi network, oonprismg: 

means pcovkied »i saw second devk» for generating a pseudo random 
means provided h saU second devk^ for transmitting said p 
means provkled in saki first device for encrypting said dato wmi seJd 
an encrypted data; 

mearisprovMed in scbdffstdevfoe for encrypting concat 

and sad encrypted data with a puUk; key of sakf second devfoe into doU)le-^^ 

means provkfed in saU first devfoe for sending saki double-eiKTy^ 

rneans provkied in saxJ second devfce for decrypting said douWe^ncryp^ 

ond devk:e whk:h corresporxfs to sakf pii^lk: k^ into decrypted data consist 

portfon and anoffter decrypted portion; arvf 

means provkJed in sakj second devfoe la deaypting saU 

dom nurber to obtain saki data. 

26. A system for sendirig a plurafity of pieces of data with a raised seotf ity from a first device to a second devk» 
through a pubTic teleoommunicatton neNvork corrprising: 

means provkjed ki saki second devfoe for generating a pseudo randan nurTt>e^ 
means provided in saM second device for transmitting said pseudo r 
nieans prcvkled in saki first device for encrypting each of sakl pieces ^ 
dom number into an encrypted piece of data; 

means provtoed ki saw frst devk» fa encrypting concatenated date consisti^ 

and saki encrypted pieces of data wrth a puWc key of sakl second devk» into doi^^ 

means pruvkied in sakf first devk:e for sending saw do(i)le-en^^ 

means provided in saw second devk^ fa decrypting sad doUiie-encrypted dato wH^ 

ond devfoe which corresponds to saw pubic ke^ nto decrypted data oonsfsti^ 

portfon and saw plurality of decrypted data porttons; and 

means provWed in saw second devfoe for deaypting each of saw decrypted port^ 

dom number to obtain saw pieces of data 
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27. A6y6tema8defm6dlnclahn25or26, firtheroom^ 

means, pmictod in said saomd device, activated prior to decrypting each of said decrypted portois and 
responsive to a determination that said decrypted random number portion does not coincide wHh said trans- 
mtted pseodo random ruinter. lor intonning said first dei^ of a taifure in decryption instead of passing Ihe 
control to next means. 

28. A system for playing an «icryptr^ key-encrypted application contained in a <£strttxjted application package which 
fulher contains, as volume control data, a users puk)6c key-encrypted encrypting key so encrypted as to be able 
to be decrypted with a secret key of the user into said encrypting key, the system conprising: 

means for reading sakl user^ public key-encrypted encrypting key from said dtetrtxited application package 
<said volume); 

means for ob&'ning said secret key: 

means for decrypting said user's public key-encrypted encrypting k^ with said secret key to obtain said 
encrypting k^. 

means for decrypting saki encrypting key-encrypted appTication with saki obtained encrypting key to provkie 
application data: and 

means for using said appfication data for playing. 

29. A system for permit^ a user to play an encrypting key-erKryptedapplkstk^ 
package wtiich further contakis, as volume control data, a volume ID for kfo^ 

catfon package (saM volume}, an issue nunt)er issued to each volume of the Mnd In an issued order and appltca- 
tfon IDs, the system oonprising: 

a cfient for playing an apr^catfon t^ ustf)g applicatkxi data: and 

a server for controll^ said dient through a oonvnunicalion network, wherein saM client compiises: 
means for reading and sending said vokime ID, sakl issue rwrnber and an applicatkxi ID for said one of 
encrypting key-encrypted applfoations (sakt encrypisig key-encrypted cw^icatfon) from said volume to said 
sen/er. sakt server comprises: 

means tor retrieving saU encrypting key t>y using said i^ume ID: 

means for retrievhg a pubKc key of said user by using saki vofume ID and sakI issue nurhber: 

means for generating a pseudo random number: 

rneans for double-encryi^mg sakJ enaypting key with saki pseudo 

adouble encrypted data; and 

rneans for sending said doUsle-^^crypted data to said dient and said cfient comprises: 
means for cbtainhg a seaet key of saki user whkii corresponds to said pUbii^ 
rneans for obtatfting s^ encrypting key 1^ decrypting said dbubte-encr^ 

means for decryptkig saki encrypting k^encrypted^jpficationwHhsakJobtarod encrypting key to pro* 

vkie appikalion data; and 

means for using sakI appicatfon data for playing. 

30. A system as denned in claim 26 or 29. wherein said ineans for obtaining a secretly 
sakl secret key from a portable memory of said user. 

31. A system as defined in daim 30, wherein sakJportcMemeniory is ante card. 

32. A system for permitting a user fo play a distrfouted applicatfon package whidi further contains, as volume control 
data, a volume ID for kientifying the kind of sakl (Retributed applk»tkxi padoge (said volume) and an issue rA^nber 
issued to each volume of the kind in an issued order, the system comprising: 

a dient for playing sakl dstrbuted appffoatkm package: and 

a sen^ for controlling said dient through a corrmjnx^tkyi n^worK wherein: 

said client comprises means for sending saki volune ID and said issue nuni)er to saki server; and 

sakj server comprises means for retrieving an e)(pected play time associated with saki vohime ID and said 

issue number, and means for adding saki esqi^ected play time to the value of a total pl^ time assockted with 

saki vokime ID and saki issue number. 
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3a. A ey^em for penratting a user to play an application contained in a distrftxjted appicatton package wtBch further 
contam. as volume control data, a volume ID for ident^ng the Kind of said distrtxited appfication pactage (said 
vokime), an issue nunft>er issued to each volume of the kind in an 
calioa the system comprising: 

a client for playing said application; and 

a server for contrcHIing said cKem through a communication 

said dient comprises means for sending said volume ID. said issue numt>er and sod appKcation 10 to said 
server; and 

said server comprises means for retrieving an expected play time associated v«th said volume ID. said issue 
number and said application ID. and means for adding said eoqpected play tinie to the value of a to£^ 
associated wHh said volume ID and said issue rnimber 

34. A system for permftling a user to play an application contained In a distri^ 

contains, as volume control data, a votoie ID for identifyi ng the fond of said distributed ^spficatfon pactoge (said 
volume), an issue number issued to each volume of the kind in an issued order and an appTication a> for the appli- 
catfon. the system comprising: 

a cfient for playing said application; and 

a sen^ for controlGng said cTiem through a oomnnmkstffon ne^ 

said diem and said senrar conplse mem for Meractively measuring, as a measi^ 

afsaU^icatfon;8nd 

said sender fiffther comprises means for adding said measured pl&y time to ^ 
ciated with said volume ID and said issue number. 

35. A system as deTned in claim 34. wherein said means for imemdivelyn^ 
using a timer of saki server. 

36. A system as defned in claim 34. wherein said means for interacevely measuring a p^ 
using a tnner of sakj dienl 

37. A system fa permrtting a user to play an application package (the vofome)oonpri^ 

data wherein at least a pan of the control data has been added 10 the volume after the oeati^ 
system comprising: 

a cGent for playing said volume; and 

a servw for a)rtiofl«g said cfient through a comnuinicatfon networt<, w^ 

storing a secret key of said server and said at least a part of said control data 

ing to said secret k^. and wherein the system comprises: 

means provkied in said server for generating a pseudo 

means ibr storing safo pseudo random number; 

means provkfod in sad server for transrnltting sakl pseudo random number 

means prarided in sakJdierit for encrypting desired data vwth sad transmitted pseudo random nuntjer into 
encrypted data; 

means prowded in said cient for worypting concatenated data consisting of sad pseudo random numb^ and 

sad encrypted data with sad pUA'c key ktto double-encrypted data; 

means pfovkfod n sad diem for sending sad double-encrypted data to 8^ 

means provded in sad server for decryptkig sad double-encrypted data wi^ 

data consisting of a decrypted random number portdn and another decrypted portk>n; and 

means provded in sad server for decrypting sad another decrypted portdn with sad transmitted random 

number to obtain sad desired data. 

38. A system as defined in daim 37. further oomprisir^: 

means, pranded In sad sen«r. activated prior to sad decryj^ing sad anolher decrypted portion and respon- 
sive to a deterniinatkKt that sad decrypted random nunt>er pwtton A 

lumber stored in sad means for storing sad pseudo random number, for infornwig sad cfient of a foilure in 
decrypfdn instead of passmg the control to next means. 
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39. A system for p^mitting a user to play an application contained in a dislrkxited application package wNch further 
contains, as voiume control data, a volume ID for identifying the kind of said distributed applicatiOT package (said 
volume), an issue number issued to each volifne of the kind in an issued order and applcation 10s. the system 
comprising: 

5 

a dient for playing an applicatkx) by using appficatkm data; and 

a server for controlfing said diem through a convminication networK wherein sakj dient comprises: 

mearts for reading and sencfing said volume \0, said issue number and an applkation ID for said one of 

enaypting key-encrypted appficalions (sakJ encrypting key-encrypted application) from said volume to said 

fo senrer^sakJ server comprises: 

rneans for proceeding to next step only If the value of a rneter field associated with sa^ 

number and said application ID is under the value of a iRiiit value OM assodated with saki vokime ID. said 

issue nunt3erandsaclap(dkatk>n ID in a volume data table; arx< 

means tor caudng said dient to display a message Informing an overfim^ 

16 quit the opemtion otherwise. 

40. A system for pennlting a user to play an appi(Galk)n contained in a dislri^ 

contains, as volume control data, a volume ID for ktentifying the Mnd of sakl distrlxttedcfapltcatidn padage (sakI 
volume), an issue number issued to each volume of the kind in an issued order. applk»tx3n lbs and limit values 
20 assodated with respective app6catk)n IDs for limfting the play of respective applicatkyis, the system comprising: 

a diem for playing an applicatkm by U8»ig applkation data: and 

a server for oontidling saU dient through a communicalion networK wherein ^ 

means for reading and sendngsakJvotunie ID. said issue number,^ ID for sakj one of encrypting 

2S key-encrypted appluatfons (saki enaypting key-encrypted applk:ation) and a B nit vakie as sodat e d with saki 

epplcation ID from said vokime to said server, and vvherern saki server oorrpns0&: 
means for proceeding to a next steponly if the value da rneter field assodated ¥^ saki vdurrie ID. said 
number and saki appHcatfon ID tfi a volume data t^ble is under sad imit value; and 
means for causing sad client to display a message infbnrning an overlimit on a display of said dient tfid 

30 quit the operation othenMee. 

41. A system as defmed in daim 39. wherein sakJ limit vakie is one of effMive dale ^ 
and time, a manmum amoum of pifiy tkne, arKi ffii alkMvable access count 

3S 42. A system as defined in any of dakns 29. 33 and 34, wfieretn said means for sending to sakl sen^ oon^ses 
means for encryp6ng at least one of sakl vokjme ID, sakl issue nunt>er and sad apptkatfon ID. 

43. A method for permitting an authentk; user to play a dedred one of the appli^ 

catfon package in a system capable of playing an applk^tfon. wherein sad applicatfon package (sad volume) con- 
40 tains vokime ontrd data induding mode a)des assigned to sad volurne and the app^ 
method comprising the steps of: 

deddkig to use one of predetennined play modes specified by one of sad mode codes associated with sad 
desired applicatk)n; and 
45 playkig sad desired application in sad specified play mode. 

44. A me^KxJ as d^ned in dakn 43, wfierei n the method further conprises the step of axludtng. m sad mode codes, 
values kidk»tive of a free play mode and at least one Itmit-attached piay mode wNch con'espond(s) to respective 
linvt value(s) used for Dmiting usaga 

so 

45. A method as defined in daim 44. whtt'on sad step of playing sad desired application comprises the step of: 

in response to a deternination that sad one of sad nwde codes assodated with sad desired applk:atkxi 
kKhjdesavakJe indfoative of sakl free play nfKde.8itnply playing sad desired a^^ 

55 

46. A nrielhod as d^ined in datm 44. wherein sad Step cl playing sad desired appSca^ 

in response to a detenrmatfon that sad one of sad mode codes assodated with the desired applkxtnn 
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hcfudes one of values incScaKhre of said at least one limit-attached play moda dispteying a measage to the 
effect tfiat a limit value associated with said one of values has been reached instead of playing said desired 
fipplicaiion if said limit value has been reached 

47. A n)ethod as defined in daim 43. wherein said volume control data further includes a volume ID. an issue number 
and an appfication ID for each of said applications, and wherein said step 0^ 

ptay modes comprises the steps of: 

obtaining said one of said mode codes associated with said desired app&calion and corresponding limit value 
by using said application ID; and 

comparing said one of said mode codes with a meter value associated wflh said volunr» 
and said application ID. 

48. A method as defined in daim 45, wherein each of said applicatiorts has been each encrypted with an enaypting 
i^ and said volume control data includes a user's public key-encrypted version of said encrypting key (a pubfic 
key-enaypted veisk>n encrypting key), and wherein said step of si^ comprises 
the steps of: 

reading said user's public ksy-encrypted encrypting key from said volume; 
obtaining a user's secret key whk:h corresponds to sak! users pubfic key; 
decryptirig sad user's pubic key-enor>pted encrypting key wim 
key:€Bid 

decrypting saU desired appScation with said obtained enaypting key. 

49. A system for perrrvttffig an autheritic user to play a desired one of the appTK^^ 

cation package, wherein saki applkation package (said volume) contains vokime control data including mode 
codes assigned to sakl volume and the applications of said votunie. the s^ 

means for decidrig to use orte of i;»'edetermined pl€y modes specified by one of said mode codes associated 

with said desred applicatkKi; and 

means for playing said desired appikatkm In said spedTi^ 

50. A system as defined in daim 49. wherein the system further comprises means for mduding, in saki mode codee, 
values fodicative of a free play mode and at least one fimit--attached play mod^ 

fimrt value(s) used for Kmib'ng usage. 

51. A system as defined in claim 50. wherein said means for playing said de^ 

means, responsive to a determlnatkm that said one of said mode codes assodated with saki desired applica- 
tion indudesa value tncficative of saki free play mode, tor simply playing sakj desired applicatfon. 

52. A system as defined in daan 50. wheran saki means for playing sati desired application conprises: 

means, responsive to a determination that said one of saki mode codes associated with tie desired applicatk)n 
irxdudes one of vakjes indicative of said at least one limit-altached play mode, for displaying a message to the 
effect that a limit value assodated with saki one of values has been reached instead of playing saki desired 
application if saki limit value has been reached. 

53. A system as defined in daim 49, wherein said vdume control data fitfther indudes a volume ID, an issue nunber 
and an appfication ID for each of saki applk»tions. and whereoi seki means for deckling to ise one of predeter- 
mined play modes comprisesi 

means for obtakiing saki one of saki mode codes associated with said desired 
fimit value by using said appHcation ID; and 

means for comparing saki one of saki mode codes with a meter value assodated with saki volume ID. said 
issue number and said appTication ID. 

54. A system as defined in daim 51 . wherein each of said applications has been encrypted witti an encrypting key and 
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said volume control data includes a user^ public Key-erKrypted veision of said encrypting key (a pubTic key* 
encrypted version encryptinQ key), and iMierein said means lor einpty playing said deseed app^ oomprises: 

means for reading said user's piisGc key-enorypled encrypting key 

means for obtaintng a user's secret key wtiich conesponds to said user^ put)6c key: 

means for decrypting said user's pMc key^-encrypted encryptkig key with said user'^ seaet key to cbtaoi said 

encrypting key; and 

means for decrypting said desired application with said obtained encrypting key. 

55. Annethodforpermminganautheriticusertoptayadesiredoneoftheappl^^ 

catkKi package in a system conprising a diem capable of playir^ an app&cation and a server connected wi^ 
client through a communk»tion netwofK wherein sad app{katk)n package (hereinafter refen-ed to as "said vo}- 
ume") contains volume control data including mode codes assigned to said volume and the applicatkins of said vol- 
ume, the method comprising the steps of: 

said diem deciding to use one of predetonrnined ptay nrxxies sp 
vMth saki desired applicatxm; and 

playmg said desred applkstion in sakl specified play mode by meansof cooperatkxi between sakldient and 
said server. 

56. A method as d^tfied in daim 55. wherein the method further oonprises the step of Muding, in each of said mode 
code, a vahie indicative of one of a free play mode, a charged pliy mode and ai least m 

wherein said volume control ctota further conffMises a limit vakje associated witf) each of saki at least one fimit- 
attached play mode, 

57. A method as defined in daim 55 or 56. wherein said vokjme control data further inckides a volunoe ID. an issue 
number, and an appfiGatx>n D for each of said ^k»tk)ns, and wherein s^ 

tk)n in sakJ specified play mode tndudes an application play step of simply playirig said specified i9plcatk>n. 

58. A nrwthod as defined^ daim 57, wher«n each of saMapplicatx)ns contained n 

has been encryip^ed with an encrypting key and said volume oontroi data includes a usens puific key-encrypted 
ver5k)n of sakI encrypting key (a public key-encrypted vemton encrypting key), and wfierein saM appiicatk)n play 
step oonprisinQ the steps of: 

reading said user^s pubfc key-encrypted encrypting key from said volume; 
obtaining a user's seaet key wlwii oorresporids to sakI useriB publk; key: 
decrypting said user's public key-encrypted encrypting key witti said user's secret ke^ 
key; and 

decrypting said desired appfk»tion with said ofcrtained encrypting key. 

59. A method as defined tn daim 57, wherein each of said app(^atx>ns contained ki a distributed eqsplication package 
has t>een encrypted with an encrypting key and said vdume cortrd data ridudes a user^ publk; key-encrypted 
veision of said encrypting key (a pukilic key-encrypted verston eiKrypting key), and wherein saU cpplicatkxi play 
step comprises the steps of: 

insakf serv^. 

reeving an encrypting key by using said vokime ID; 

retrieving a user's publk; k^ assodated with said volune ID and eakl issue number; 
doii)fe-encrypting sakt encrypting key with e pseudo random number 
bte encrypted data; 

sending said double-encrypted data to said dient ; in saki cGent 

obtanng a user's seaet key whuch corresponds to said user's pdslc key; 

obtiuning said encrypting key by decrypting sakj double-encrypted data with saki user% seaet key: 

deaypting sakii desired application with said obtained encrypting key. 

60. A metfwd as defined in daim 57, wherein saki step of playing saki desired ^splicatton further comprises the steps, 
executed prkx to saki applicatkxi play step, of: 



23 



EP0840194A2 

said 86iver retrie^ng an expected pl^ time associated with said desired appfication; and 
displaying said expected play time on a display devk^ 

61. A method as defined in dairn 57. wherein satd step of playing said desired application further oonnprises the steps 
of: 

measuring, as a measured play lima, a duration of said application play step; 
addHig said measured play time to a play time meter associated with said mo^ 
of piay time: and 

di^ying said measured play time and said total amount of play time on a cfeplay de^ce of said cTient after 
said application play step. 

62. AmetfKxfasdefmedindaimei.wher^nsaidstepofmeasuringadumtionoonpr^ 
play time by using a timer of said server. 

63w A method as defined in daim 61. wherein said step of nieasuring a duration oonpr^^ 
play tsne using a timer of said dient 

64. A method as defined in claim 57. wherein said step of deciding to use one 
deciding to use said chaiged play mode if said one of said mode codes associ^ 
indudes a value indicative of saki diarged play mode, and wherek^ 

con1pr^6es the steps of: 

said diem obtaining and sending a aedtt card numt)er of said user to 
proceedng to a next step only if tiie aedit card d said nunter is found ^ 
ctated credK oonpany; 

(Ssplaying. on a diqalay device of said dient a charge for play deci^ 

of said appfication play step and a total anrKXjm of play charges after said ap plic a to 

said sen/er charging said play to said credit card number. 

65. A me0x)d as defined in daim 64. wherein said step of playing said desired wlicalion further con^)ri5es tiie steps, 
prior to said application play step, of: 

cfisplaying. prior to said application play step, an expected charge 
said display device; and 

letthg the user decide whether to play said desired ^splication. 

66. A metfiod as defined in dakn 64. wherein said step of said diem obtaining^ 
user to said server conprises the steps of : 

insaidsen^, 

generating a pseudo random number; 

storing said pseudo random ntmber in memorf, 

transmitting said pseudo random numk)er to said dient; 

in said dient 

pronpting said user to input said credit card numb^; 

doiWe-encrypting said crecfit card number first with said transmrtted random number and then with a 
severs public key included in said volume control data into a dout)fe-encrypled number; 
sliding said double-encrypted number to said server; in said server, 

decrypting said dout^e-encrypted number witfi a sen^ secret key into a decrypted random num^ 
another decrypted data: and 

decrypting said anott>er decrypted data with said transmilted random number to ot^in said credrt caid 
number. 

67. AmettKdasdefinedindaffn66,wherein6aidstepof8aiddientobtainingand8eri^ 
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user to eakJ server further conr^prises the steps, executed prior to said step decrypting said another erKrypted 
data« of: 

proceeefing to a next step only if said decrypted random nunrter coincides with said pseudo random number 
5 which has be&r\ stored in said memory: and 

displaying a nteseage informing a faikire in decryption and quitting ttie operation othenwise. 

68. A method as defined in ciakn 57 wherein said step of deciding to use one of predeternvned ptay modes comprises 
deciding to use one of said at least one imit-^ached play mode if said one of said mode codes associated with 

10 said desired application includes a value indicative of said one of said at least one Kmit-attached play mode, and 
wherein said step of play^ said desired application conprises the step of: 

in response to a detentiination that a nneter value associated with said one of said mod^ 
said desired app&cation in a record identiried by said volume ID. said issue number aid an ^if^cation ID of 
IS said desired application m a volume data tattle has reached a limit value associated with said mode code, dis- 

playing a message infbrnnng an o/erimit on a display device o4 said die^ 
play step. 

69. A m^hod as defkied in daim 68. wher^n said finvtvakje is one of effective date a^ 
20 Bnd time, a maximum amoiHit of play time, and an allowable access count 

70. A system for playing a distrixjted application pactage in one of predetermine 

wherein thte application package contains a data set encrypted with an encrypdng key (a K-enayptedd^ 
each of at least one apf3fication and volume control data for use in controiyng operation of the system and the 
25 senw and the volume oontnol data incfcjdes mode codes defining said play nrvxtes. ^ system oornprising: 

means for permitting a user to select one of said at least one ^splication of said volume; 
means for deciding to use one of said predetennned play modes associat e d with one of said mode codes 
asst^ied to said selected application; and 
30 means for playing said selected appScation In said selected play nvide in concert with said sen^. 

71. A system as defined in daim 70. wherein eachof said mode codes includes one of values for a free play mode, a 
Ghaiged ptey mode and at least one limit*attached play niode. 

3S 72. A system as defflied in daim 70, whereki said volume control data further indudes a vok^ne ID. an issue number 
and an appTication ID for each of said applications, and wtierein said means for playing said selected application in 
said selected play nnode at least conprises: 

nneans for setting said server for said selected play mode l)y seridkig to said sen^ 
40 number, and the application ID and said mode code associated with said selected appScation; and 

application play means for sev^ pls^ng said specified applicatioa 

73. A system as defined in claim 72. wtiereh said volume control data further includes a user's public key-enciypted 
encrypting l»y. and wherein said application pl^ rneans confx^ 

45 

means for reading said user^spubfic key-encrypted encrypting kay from said volume: 

means for obtakting a user's secret key which corresponds to said user's pubfic key; 

means for decrypting said user's put^lic key-erKrypted encryptff>g with said user's seaet key to obtain said 

^Krypting k^;and 

eo means fc^ decrypting the K-encrypted data set of said selected application with said obtained encrypting key. 

74. A system as defined in daim 73, wherein means fbr decrypting said user^ public key-encrypted encrypting key and 
said means fbr decrypting the K-encrypted data set are realized as an integrated circuit 

55 75. A system as defined in daim 72. wherein said application play means comprises: 

means for receiving double-enaypted data from said sen/er; 

means for obtaining a user^ secret key wtttch corresponds to said user's putsGc k^^ 
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means for obtaining said encrypting key by deayptwg said doubie-enorypted data with said user's secret ke^ 
and 

nmns for decrypting me K-encrypted data set of said selected appfication with said obtained encrypt^ k^. 

6 76. A system as defined in claim 75. wherein means for obtaining sakl encrypt!^ 
the K-encrypted data set are reafized as an integrated circuit 

77. A system as defined in daim 74 or 76. wherein said integrated circuit is incorporated into said means for obtaining 
auser^seaetksy. 

10 

78. A system as defined in daim 73, wherein said moans for deciding to use one conprises m^ns for deciding to use 
afreeplay mode and wherein said means for playing said selected appficationfurtheroonpnses: means, prior to 
said application pl^meanSi of: 

IS means for receiving data from said server; and 

displaying said data as an expected play time for said selected applicato 

79. A system as defned 'tt\ daim 73. wherein said means for deciding to use one of said predetemmed play modes 
conprises nneans for deciding to use a free play mode, and wherein said n 

20 tion further conprises: 

means for causing saU server to obtain, as a measured play time, date of a opeiBtion peri^ 
play means: 

nieans for receiving firet and second data from said server; cuid 
2S means for (fi^playlrigjust after the conpletiondoperatkm by sai^ 

ond data as said measiFed play time and a total amoum of time, data as 
total amount of pl^ time. 

80. A system as defined in daim 79. wherein said nieans for causffig said sender to cbt^ 
30 conprises moans for infornvng said sen^ Of the Start and the end of cf>ei^^ 

utifize a timer of said server. 

81. A system as defined in daim 79. wherein said nmns for causing said server to obtam 
comprises: 

ss 

means for measuring said operation period of said application pUy means; a^ 
means for sending said operation perfod to said sener for use in a cafoulation of sM 

82. A system as defined in datm 72. whereki said means for deciding to use one conprises means for deciding to use 
40 a charged play nnode and wherein said means for playing saUsdededap^ 

nieans for obtaining and sending a aedit card nunber of said user to sai^ 
means responsive to a verification result of said aecSt card from said serw 
said resiA is positive; and 

45 means for displaying a charge for play decided based on a measured play timed said ap^ 

and a totol anx)unt of play charges after operation of said appficati^ 

83. A system as defined in daim 82. wherein said means for playing said sdected application further comprises: 

BO means activated prior to operation of said application ^ay means for displaying an eipected diarge and an 

espeded total amoum of charges and letting the user dedde whether to 

84. A system as defied h daim 82. wherein said volume control data of said distr^ed appScation package further 
indudes a saver's public k^. and wherein said means for obtairang and sending a aedit caid number of said user 

55 to said server comprises: 

means for prompting said user to Irput said credit card timber; 
means for receiving a random fftimber from saxi server; 
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means for obtaining said server's puUic key from said vok^ne; 
means for (kxjble-^KryptinQ eaid aedft card nunt)erfM 
publfc key into a douUS'^ncrypted data; 
sencfing said douNe-encrypted number to said server; 

6 

85. A system as defined in claim 84, wherein said means for said dient obtaining and sending a aedit card numb»^ of 
said user to said server f urffier comprises: 

means responsive to a positive resutt of iwidom number check from said seiv^ 
70 means responsive to a negative result of said random number check from said server for displaying a message 

indicative of a failure in saki random number dieck and quittgig the operatfon for said selected a pp fica l fon . 

86. A system as defined in datm 72. vvfwein: 

IS said means for deciding to use one compf^ means f(V^ deckling to use a limit-^^ 

said sending to sakf server ndudes sending a limit vakie associated witfi said mode code, and wherein said 
means for playing saxi selected application iirlher conprises: 

means operative prfor to operatfon of said applicatfon play means for receMng from saki sener a rrrvtcheck 
result indkative of whether a limit value associated with sakf mode code fias been reached; and 
20 means responsive to an ov^- Ikrat case of sakJ result for startkig a next operatfon. 

87. A system as defined in clafim66» wherein said limit vakie is erne of effoctwe date ^ 
and tinriei a nraximum aniount d play t^. and an alfowaUe access count 

2S 88. A system for oontroSing through a conmjnication network a cllemdevkn to pia^ 

in one of predetermined play modes, wherem the applicatfon package contains a data set encrypted %vith an 
er^rypting key (a K-encrypted data set) for each of at least one applicatfon and vofom 
trollffig operatfon of ttie system and the dient and the vohime control data Inckxles a volume C>.ai issue nun^ 
anapplkation 10 for each of said appicatfore, and a mode code for safo volume or mode codes for ^ 

so tfons. the system conprising: 

volunw data table for storing, for each volume, said vokime \0, safo Issue number, sakf mode code for saki vol- 
ume, and said application ID and said mode code for each of safoapplicatfons; 

means for receiving a service request a volume ID, an issue number, an appScation ID and a rvo6e code and 
3S Other data from said dient 

means for storing saki received application ID, said received mode code and otfw data in appropriate fiefos of 
a record klentif ied by safo volume ID and said Issue number; 

means responsive to a determinatfon that there is no record foenlif ied by said volume ID and saki issue number 
in safo vdunie data tabfo for ackfing said record in said vol^^ 
40 ID and nx)de code and said other data in relevant fiekis of saki record; and 

means operative on the basis of saki received mode code for decking to $ut>sequently passing the control to 
means for supporting a play mode associated said received rnode code. 

89. A system as defined in claim 88, wherein said means for sipporting a play mode at 1^ 

46 porting c^icatfon play means, of dient for sirrply playing an applicatfon kienttfied by saki received application ID. 
and wherein sad means for siqsporting said appficatfon play means of said client comprises: 

first means for associating a given volume ID with a con-esponding encrypting key; 
second means for associating both a given vofome ID and issue nunfoer with a conresponding user's public 
60 key; 

means for retrieving an encrypting key associated with saki reooved volume ID from said first means; 
means tor retrieving a usei's public key associated with said received vdime ID «id issue number from saki 
second means; 

ri^ans tor double^encrypting safo encrypting key with a pseudo random number an^ 
55 a double encrypted data; and 

semSng saki double-encrypted data to saki dfont 

90. A system as ddined in daim 89. further comprising an applicatfon data table for storir^ data for each kind of appli* 



27 



EP0840194A2 



cation, wherein sad received mode code defineG a free play mode, and vvherein said means for supporting a play 
mode associated said receivad mode code conprises: 

means, activated prior to an operation of sakJ means lor si^Dpo^ 
retrieving an expected play time assoctaledtMthsmi received appficalk)n ID 
and 

means for sending said e)9>ected play time to said dienL 

91. A system as defined in dam 89. wtiereffi said received mode code defines a free play nrvxle. and wheren said 
means for SMpporting a play mode assocated said receh^ed mode code con^ses^ 

nieans for nieasuring. as a nieasured play time, a duratfon of appli^ 

means for adding said nieasured play tinie to a play th)6 meter associated wtt^ in 

said volume data tatile to obtain a total amount of play time; and 

means for saiSng said measured play lime and said total amount of play time to said diert. 

92. A system asdefmed in claim 91, wheran said means for measuring a djration comprises: 

means responsive to a notice of the start of operation k)y said appMcation play 
atimer;and 

means responsive to a notice of the end of said operalksn for stopf^ng said timer^ 

93. A system as defined in daim 91. wherein saxi means for measuring a du^ 

noeans for receivhg a measured duralfon from said dient. 

94. A system as defined in daim 88. wherein said recent mode code defines a char^ 
rneans for s^3porting a play mode assodaled said received mode code ojmpri^ 

means for receiving a aedlt card number of said user fmm said server; 

means, responsive to a detennination, from a verification of said credit card nwiter. that said oradit caitl 
number is not vafid. for informing said dient of ffiwalidity and qui^ 
a play mode; 

means, responsive to a detemninatioa from said verification of said crecfit caid number, that said crecfit caid 
number is valid, for informsig said diem of a validHy and prooeecfing to a ^ 
means for charging said play to said aedit card number. 

95. A system as defned in claim 94, wherein said means for Si4)porting a play mode associated sad received mode 
code fiffther oonprises: 

means adivafed prior to operalfon of said application pli^ means of said cb'ent for retrieving an expected 
chvgetrom said eppficetton data table by using said received application ID; 

means for calculating a sm\ of said eKpeCted charge and a vaJue of a charge meter associated with said 
received volume ID or application ID dependkig on said received mode code; 

means operative prior to operation of said application play means for sendtfig said expeded charge and said 
sum to said client; and 

means responsive to a receipt of a message of quitting la quitting ^ 

96. A system as defined in dalm 94, wherein said means for receiving a aedIt card number of said user from said 
server comprises: 

means for generating a pseudo random number; 
means for storing said pseudo random number in memory; 
means for tansmitting said pseudo random nuifoer to said dtent; 
means for waiting for a double^ncrypted data from said dient; 
noeans for obtakiing a servers secret key; 

means for deaypting said double-encrypted nunfoer with said sender's seaet key into a decrypted random 
numl3er and another decrypted data; and 
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means for decrypting said another encrypted data with said transmitted random number to obtain said aedit 
card number. 

97. A system as defined in daim 96, wtierein said nmns for obtaining a user's seaet key oonprises means lor reading 
s said users secret Key frwn a portable memory of said user. 

98. A system as defined in dalm 96. wfierein said means for receiving a crecfit caid nunt>er of said user from said 
server further oompiises: 

10 nieans responsive to a deternvnatioa made prior to said decrypting »^ 

nunber coincides with said pseudo random nuntMT which has been ^ 
l3le message to said dient and proceeding to a next operation; and 

means responsive to a determination, m^e prior to said decrypting said another, that said decrypted random 
nunber does not coincide with said psetJdo random r%ini>er whk^ 
75 a disable n^essage to said dent and quitting said supporling a play mode 

99. A syefeem as defined in daim 88. wherein: 

said received mode code ddines a limit^attached play mode: and 
20 means for receiving a service request further receives a Kmit value associated with said nvxte code, and 

whereki said means for supporting a play mode associated said received mode code oorrprises: 

means for proceeding to a next operation only if the value of a software meter associated with said mode code 

in said volume data tabte is (mder said finvt value: and 

nmns for sending a message informing an over finiit to said cient and quitfi^ 
ss sMpporting a picy mode associated said received nnode code if the value of a 

said mode code ffi said volume data table is not under said fimit value. 

lOO^AsystemasdeTnedin daim 99. wherein said limit value is orie of elective date and lime, af^^ 
aixf time, a maximum amount of playtime, and an altowdsle access count 

30 

1 01 ^ system as def ined in any Of dain« 54. 73 and 7^, wherelri ssM nieans for oblaM^ 
nieans for reading s»d user's seaet key from a portable nrienwry of said 

1 02.A systm as defined in daim 28 or 29. wherein said means for obtaining said seaet tey oomprises means for read- 
as ing said user^ seaet key from a pwtable memory of said user. 

lOdiA ntethod as defined in any of claims 10. 11. 19. 21. 22 and 55. wherein said appl i cation pewteg^ is recorded on a 
package media. 

40 1 04^ method as defined in daim 1 03. wherein said package media is of a wirfte-once type, and sM dient is a system 
Cc^s^ecrf playing said package media of said write-once type 

105^ application package as defined in dam l.wheron said padoge mecfiaisdistributedtoaptfl-chaserthereof or 
a subscriber thereof via a transmissksn media. 

45 

1 06^ system as defined in afiy of dafans 28. 29, 37, 39. 40, 70 and 88. wherein said applicatfon package is recorded 
onapadc^media. 

1 07^ system as defined in daim 106. wf>ereri said application padoge is recorded on a package media (rf a write- 
60 oncetype 

108^ system as defrod in daim 106. whorein at least a part of said vohime control data is reooided. aftor manufac- 
tuing said pad(age media, in an area different from a data area wfiere said at least one app6^^ 

55 109^ system as defied in daim 108, wherein said dient is a system provided with means for playing said pack^ 
media of saki write-once type. 

110^ system as defined in any of dainc 28. 29, 37. 39, 40, 70 and 88, wherein said applicatfon package is recorded 
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onaOVDandatleastapartofBaidvokjme(x>ntrolcfalat^ ina 
BCA (burst cutting area) of the DVD. and «H)erein saki ^ 

Ill^methodasdefkiedinanyofdajmslO, 11, 19. 21. 22. 43 and 55. wherein the appGcatksn package 
trftxjted to a purchaser thereof a a Gubsaiber via a tiansmts^ 
data has been acUed to saU applkatnn pactege after prepay 

1 12^ ^em ae defined in any of claims 28. 29. 37, 39. 40. 49. 70 and 88. wherein eaid application pactaqe has been 
distributed to a purchaser thereof or a sub&crft^er ttiereof via a transmission mecfa arvJ at least a part of said vol- 
ume control data has been added to said application package after preparng said ap(^k»toi packaga 



30 



EP0840194A2 



FIG. 1 



CONTROLLER 



RAM 



EEPROM 



10 



100 



-103 



146 



DISPLAY 



140 









VIDEO 






DECODER 










AUDIO 


^144 




DECODER 









HUMAN IPs 



110 



150- 



DVD DRIVER 

DBOOUIATION 
& 

QWR CORRECTION 



130 



102 



120 i 



IC CARD 
IF 



COHNUNiCATION IF 



CLIENT 



t 



7^ 





COMIUNiCATION IF 














CONTROLLER |— 


IC 

CARD 
IF 




IC 

CARD 









0 



31 



EP0840194A2 



FIG. 2 



20 



BURST CUniNG AREA 


DtSTRiBUTION DESCRIPTOR 




VOLUME DESCRIPTOR 


VOLUME CONTROL PROGRAM 


DATA AREA 


APPLICATION 






(APPLICATION) 

* 
« 



,23 
,22 
,24 
-21 



FIG. 3 



,25 
,26 



VOLUME IDENTIFIER (VI Dv) 



PROVIDER IDENTIFIER (PI Dp) 



,27 
,28 



VOLUME CREATION DATE AND TIME 



VOLUME EFFECTIVE DATA AND TIME 



(APPLICATION IDENTIFIER 1) 



29 



(APPLICATION IDENTIFIER 2) 



32 



EP0840194A2 



FIG. 4 



VOLUME ISSUE NUMBER (NOvi) 



SERVER PUBLIC KEY (PK1) 
(PK2) 



PKu- ENCRYPTED AP-ENCRYPTING KEY (Kv) = el (PKu. Kv) 



SALES DATE AND TIME 
TERMS-OF-USE CODE PLUS LIMIT VALUE FOR THE VOLUME 
(TERMS-OF-USE CODE PLUS LIMIT VALUE FOR APPLICATION 1) 
(TERMS-OF-USE CODE PLUS LIMIT VALUE FOR APPLICATION 1) 




33 



EP 0840 194 A2 



FIG. 5 

( START ) 




THE APPLICATION- 
SELECTED APPLICATION 



510 



.502 



DISPLAY APPLICATION TITLES ; 
AND PROMPT THE USER TO 
SELECT DESIRED ONE 



READ FIELD 34 




THE APPLICATION- 
SELECTED APPLICATION 



yes/ 



508 



THE TOU CODE FiaD 35 FOR 
THE APPLICATION IS EMPTY 9 



JMO 



) 




PLAY AN APPLICATION 
FREE OF CHARGE 



c 



FREE 

PLAY MODE 



PLAY AN APPLICATION 
IN USAGE-SENSITtVE 
CHARGING 



CHARGED 
PLAY MODE 



PERMIT THT PLAY 
ONLY WHEN THE 
METER IS UNDER 
A PRESn LIMIT 



LIMIT- 
AmCHED 
PLAY MODE 



END 



34 



EP0840194A2 




EP08401MA2 



00 
CO 



\^ .1 



CO 

o 

CO 



00 
GC 

> 

QC 
CO 



I- 

CO 



ceo 
o — 



UJ ^ 




o 




o 




o 




CM 








s 










36 



EP0840194A2 



FIG. 9 
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FIG. 12 A 
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